
Mageia 6: MGASA-2019-0037 Moderate: libvncserver Remote Code Execution

January 15, 2019
MGASA-2019-0037 - Updated libvncserver & x11vnc packages fix security vulnerabilities

Summary

A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-6307).
A heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15126).
A heap out-of-bound write vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be exploitable via network connectivity (CVE-2018-15127).
Multiple heap out-of-bound write vulnerabilities in VNC client code, which can result in remote code execution (CVE-2018-20019).
Heap out-of-bound write vulnerability in a structure in VNC client code, which can result in remote code execution (CVE-2018-20020).
Infinite Loop vulnerability in VNC client code. The vulnerability could allow an attacker to consum...

References

- https://bugs.mageia.org/show_bug.cgi?id=24177

- https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.12

- https://github.com/LibVNC/x11vnc/releases/tag/0.9.15

- https://github.com/LibVNC/x11vnc/releases/tag/0.9.16

- https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html

- https://www.cve.org/CVERecord?id=CVE-2018-6307

- https://www.cve.org/CVERecord?id=CVE-2018-15126

- https://www.cve.org/CVERecord?id=CVE-2018-15127

- https://www.cve.org/CVERecord?id=CVE-2018-20019

- https://www.cve.org/CVERecord?id=CVE-2018-20020

- https://www.cve.org/CVERecord?id=CVE-2018-20021

- https://www.cve.org/CVERecord?id=CVE-2018-20022

- https://www.cve.org/CVERecord?id=CVE-2018-20023

- https://www.cve.org/CVERecord?id=CVE-2018-20024

Resolution

SRPMS

- 6/core/libvncserver-0.9.12-1.mga6

- 6/core/x11vnc-0.9.16-1.mga6

Publication date: 15 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0037.html
Type: security
CVE: CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024
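
A way to check a Mageia 6 host against the fixed source packages listed under Resolution, as an added example that is not part of the advisory. Installed binary packages are matched through their SOURCERPM tag because the advisory names source packages, not binary ones. It assumes GNU `sort -V` is an adequate stand-in for rpm's own version comparison for these plain dotted versions; the function names are hypothetical.

```sh
#!/bin/sh
# Fixed source packages from MGASA-2019-0037 (Mageia 6, core).
FIXED="libvncserver-0.9.12-1.mga6
x11vnc-0.9.16-1.mga6"

# vr_lt A B: true when version-release A sorts strictly before B.
# Assumption: GNU sort -V approximates rpm's comparison well enough here.
vr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_srpm SOURCERPM: print VULNERABLE, FIXED or UNRELATED for one
# SOURCERPM value, e.g. libvncserver-0.9.11-1.mga6.src.rpm
check_srpm() {
    nvr=${1%.src.rpm}
    rel=${nvr##*-}; nv=${nvr%-*}      # split name-version-release
    ver=${nv##*-};  name=${nv%-*}
    for fixed in $FIXED; do
        frel=${fixed##*-}; fnv=${fixed%-*}
        fver=${fnv##*-};   fname=${fnv%-*}
        [ "$name" = "$fname" ] || continue
        if vr_lt "$ver-$rel" "$fver-$frel"; then
            echo VULNERABLE
        else
            echo FIXED
        fi
        return 0
    done
    echo UNRELATED
}

# scan_host: report every installed binary package that was built from
# one of the affected source packages (lib64vncserver*, x11vnc, ...).
scan_host() {
    rpm -qa --qf '%{NAME} %{SOURCERPM}\n' | while read -r pkg srpm; do
        status=$(check_srpm "$srpm")
        [ "$status" = UNRELATED ] || echo "$pkg ($srpm): $status"
    done
}

# Only query the RPM database when rpm is actually present.
if command -v rpm >/dev/null 2>&1; then
    scan_host
fi
```
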
