tigervnc-1.8.0-21.el7

Errata ID: AXSA:2020-559:04

Release date: 
Monday, October 5, 2020 - 08:59
Subject: 
tigervnc-1.8.0-21.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)
tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks (CVE-2019-15692)
tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)
tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)
tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7 Release Notes linked from the References section.

CVE-2019-15691
TigerVNC versions prior to 1.10.1 are vulnerable to a stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15692
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15693
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15694
TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15695
TigerVNC versions prior to 1.10.1 are vulnerable to a stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing their values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.

Solution: 

Update packages.
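
To confirm that a host already carries this build, the installed version-release can be compared against 1.8.0-21.el7 segment by segment, as rpm does, rather than as a plain string. The following is an added example, not part of the original erratum or of any vendor tooling; the function names and sample host values are constructed, and it assumes the package has no epoch and uses no `~` or `^` in its version.

```python
import re

FIXED_BUILD = "1.8.0-21.el7"  # version-release shipped by this erratum


def _segments(s):
    # rpm compares runs of digits and runs of letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)


def vercmp(a, b):
    """Segment-wise comparison following rpm's rules (no ~ or ^ handling).

    Returns -1, 0 or 1 when a is older than, equal to or newer than b.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def needs_update(installed_vr, fixed_vr=FIXED_BUILD):
    """True when installed_vr (VERSION-RELEASE) is older than fixed_vr."""
    iv, _, ir = installed_vr.rpartition("-")
    fv, _, fr = fixed_vr.rpartition("-")
    return (vercmp(iv, fv) or vercmp(ir, fr)) < 0


if __name__ == "__main__":
    # Constructed sample values, in the form printed by:
    #   rpm -q --qf '%{VERSION}-%{RELEASE}\n' tigervnc-server
    sample_hosts = {
        "host-a": "1.8.0-5.el7",     # a plain string compare would rank this above 21.el7
        "host-b": "1.8.0-19.el7",
        "host-c": "1.8.0-21.el7",
        "host-d": "1.8.0-21.el7_9",  # hypothetical later rebuild
    }
    for host, vr in sample_hosts.items():
        print(host, vr, "needs update" if needs_update(vr) else "at or above fixed build")
```
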

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.8.0-21.el7.src.rpm
    MD5: 2cf11d14da7647379daf4fce2e1e4376
    SHA-256: 9d0e6f78366abbff5ad6f3cec98f39a371096dcde8dbe5226f013fba5e7c7acf
    Size: 1.44 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.8.0-21.el7.x86_64.rpm
    MD5: f9cfdcd5b06f1962eb08e994c0ee084f
    SHA-256: 9120c89ea6967e124ff068de826d5c7e47c62c448f17cb31e428ad8a994bbb2f
    Size: 240.05 kB
  2. tigervnc-icons-1.8.0-21.el7.noarch.rpm
    MD5: 1910dbdecf5e0f8f600b74b87f7f46b8
    SHA-256: 25a3878c93462e36bc499d6cb1cd88ecdd4c87cd891a3cecf4574a0873d1d22f
    Size: 38.73 kB
  3. tigervnc-license-1.8.0-21.el7.noarch.rpm
    MD5: b98a222e68b5c5373439ab172026723b
    SHA-256: 5dd1d60252e54b286c9624e0e99a69f771b820086c8c68c16bd8c958a448f465
    Size: 29.49 kB
  4. tigervnc-server-1.8.0-21.el7.x86_64.rpm
    MD5: d761d9c7eef834342b567cba4cb42951
    SHA-256: 92cb881fa428e92cccac6b44aadb658390e254602f440bedaf4328f1c8877b40
    Size: 215.32 kB
  5. tigervnc-server-minimal-1.8.0-21.el7.x86_64.rpm
    MD5: 590ee2e755fe4c6f1a41918afe670ca0
    SHA-256: 12b71f1780c4e37743f9992aca1f01550d9346dd698df91265dffbb4d21d5524
    Size: 1.04 MB