tigervnc-1.8.0-21.el7
Errata ID: AXSA:2020-559:04
Release date:
2020/10/05 Monday - 08:59
Title:
tigervnc-1.8.0-21.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
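The following issues have been addressed.
[Security Fix]
- TigerVNC has a vulnerability in which, when a decoding routine throws an
exception, the decoder attempts to access a stack variable, causing a
use-after-return that could potentially allow remote code execution.
(CVE-2019-15691)
- TigerVNC has a vulnerability in which incorrect value checks cause a heap
buffer overflow that could potentially allow remote code execution.
(CVE-2019-15692)
- TigerVNC has a vulnerability in which a heap buffer overflow could
potentially allow remote code execution.
(CVE-2019-15693)
- TigerVNC has a vulnerability in which, when a signedness error occurs, a
heap buffer overflow results that could potentially allow remote code
execution. (CVE-2019-15694)
- TigerVNC has a vulnerability in which, due to insufficient sanitization, an
attacker can cause a stack buffer overflow by choosing an offset value that
serves as the start position in the buffer, potentially allowing remote
code execution. (CVE-2019-15695)
Solution:
Update the packages.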
CVE:
CVE-2019-15691
TigerVNC versions prior to 1.10.1 are vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If the decoding routine throws an exception, ZRLEDecoder may try to access a stack variable that has already been freed during stack unwinding. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15692
TigerVNC versions prior to 1.10.1 are vulnerable to heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15693
TigerVNC versions prior to 1.10.1 are vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15694
TigerVNC versions prior to 1.10.1 are vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
CVE-2019-15695
TigerVNC versions prior to 1.10.1 are vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to start writing values, exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity.
Additional information:
N/A
Download:
SRPMS
- tigervnc-1.8.0-21.el7.src.rpm
MD5: 2cf11d14da7647379daf4fce2e1e4376
SHA-256: 9d0e6f78366abbff5ad6f3cec98f39a371096dcde8dbe5226f013fba5e7c7acf
Size: 1.44 MB
Asianux Server 7 for x86_64
- tigervnc-1.8.0-21.el7.x86_64.rpm
MD5: f9cfdcd5b06f1962eb08e994c0ee084f
SHA-256: 9120c89ea6967e124ff068de826d5c7e47c62c448f17cb31e428ad8a994bbb2f
Size: 240.05 kB
- tigervnc-icons-1.8.0-21.el7.noarch.rpm
MD5: 1910dbdecf5e0f8f600b74b87f7f46b8
SHA-256: 25a3878c93462e36bc499d6cb1cd88ecdd4c87cd891a3cecf4574a0873d1d22f
Size: 38.73 kB
- tigervnc-license-1.8.0-21.el7.noarch.rpm
MD5: b98a222e68b5c5373439ab172026723b
SHA-256: 5dd1d60252e54b286c9624e0e99a69f771b820086c8c68c16bd8c958a448f465
Size: 29.49 kB
- tigervnc-server-1.8.0-21.el7.x86_64.rpm
MD5: d761d9c7eef834342b567cba4cb42951
SHA-256: 92cb881fa428e92cccac6b44aadb658390e254602f440bedaf4328f1c8877b40
Size: 215.32 kB
- tigervnc-server-minimal-1.8.0-21.el7.x86_64.rpm
MD5: 590ee2e755fe4c6f1a41918afe670ca0
SHA-256: 12b71f1780c4e37743f9992aca1f01550d9346dd698df91265dffbb4d21d5524
Size: 1.04 MB