MGASA-2019-0037 - Updated libvncserver & x11vnc packages fix security vulnerabilities

Publication date: 15 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0037.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-6307,
     CVE-2018-15126,
     CVE-2018-15127,
     CVE-2018-20019,
     CVE-2018-20020,
     CVE-2018-20021,
     CVE-2018-20022,
     CVE-2018-20023,
     CVE-2018-20024

A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-6307).

A heap use-after-free vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15126).

A heap out-of-bound write vulnerability in the server code of the file
transfer extension, which can result in remote code execution. This
attack appears to be exploitable via network connectivity
(CVE-2018-15127).

Multiple heap out-of-bound write vulnerabilities in VNC client code,
which can result in remote code execution (CVE-2018-20019).

Heap out-of-bound write vulnerability in a structure in VNC client code,
which can result in remote code execution (CVE-2018-20020).

Infinite Loop vulnerability in VNC client code. The vulnerability could
allow an attacker to consume an excessive amount of resources, such as
CPU and RAM (CVE-2018-20021).

Improper Initialization weaknesses in VNC client code, which could allow
an attacker to read stack memory and can be abused for information
disclosure. Combined with another vulnerability, it can be used to leak
stack memory layout and bypass ASLR (CVE-2018-20022).

Improper Initialization vulnerability in VNC Repeater client code, which
could allow an attacker to read stack memory and can be abused for
information disclosure. Combined with another vulnerability, it can be
used to leak stack memory layout and bypass ASLR (CVE-2018-20023).

A null pointer dereference in VNC client code, which can result in DoS
(CVE-2018-20024).

References:
- https://bugs.mageia.org/show_bug.cgi?id=24177
- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12
- https://github.com/LibVNC/x11vnc/releases/tag/0.9.15
- https://github.com/LibVNC/x11vnc/releases/tag/0.9.16
- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024

SRPMS:
- 6/core/libvncserver-0.9.12-1.mga6
- 6/core/x11vnc-0.9.16-1.mga6

Mageia 2019-0037: libvncserver & x11vnc security update

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution

Summary

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).
A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15126).
A heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15127).
Multiple heap out-of-bound write vulnerabilities in VNC client code, which can result in remote code execution (CVE-2018-20019).
Heap out-of-bound write vulnerability in a structure in VNC client code, which can result in remote code execution (CVE-2018-20020).
Infinite Loop vulnerability in VNC client code. The vulnerability could allow an attacker to consume an excessive amount of resources, such as CPU and RAM (CVE-2018-20021).
Improper Initialization weaknesses in VNC client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20022).
Improper Initialization vulnerability in VNC Repeater client code, which could allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and bypass ASLR (CVE-2018-20023).
A null pointer dereference in VNC client code, which can result in DoS (CVE-2018-20024).

References

- https://bugs.mageia.org/show_bug.cgi?id=24177

- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12

- https://github.com/LibVNC/x11vnc/releases/tag/0.9.15

- https://github.com/LibVNC/x11vnc/releases/tag/0.9.16

- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html

- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6307

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024

Resolution

MGASA-2019-0037 - Updated libvncserver & x11vnc packages fix security vulnerabilities

SRPMS

- 6/core/libvncserver-0.9.12-1.mga6

- 6/core/x11vnc-0.9.16-1.mga6

Severity
Publication date: 15 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0037.html
Type: security
CVE: CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved