AXSA:2021-2098:01

Release date: Tuesday, June 29, 2021 - 05:03
Subject: libvncserver-0.9.11-17.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247)
* libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839)
* libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)
* libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)
* libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-21247
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
CVE-2019-20839
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2020-14397
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14405
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.
CVE-2020-25708
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libvncserver-0.9.11-17.el8.src.rpm
    MD5: a9391ce470764badcc961842caad503e
    SHA-256: 4a9d8e220c1959eb815052d48b8b406fa2ef7bd2ab85e3df7612dc04320890f4
    Size: 1.39 MB

Asianux Server 8 for x86_64
  1. libvncserver-0.9.11-17.el8.x86_64.rpm
    MD5: c8e2af0856bd7ae5ef4baf64697ca33c
    SHA-256: 6ebbb2ea1e53abea24ff8a31656f9baf8478c03010806a2fd3470187593e0cef
    Size: 274.31 kB
  2. libvncserver-0.9.11-17.el8.i686.rpm
    MD5: d0f62bd6fa14256ddf4034fcd1624311
    SHA-256: 0c87e3139474d9abcd1aba02ced3f9490a7ffcf32d145c24fed6edb7458cf4a9
    Size: 284.36 kB