Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 20.04 LTS: USN-4573-1 Security Advisory: Vino Denial of Service

ubuntu
Calendar Grey October 7, 2020
Dist Ubuntu Esm H88
A series of Vino security flaws have been resolved in the Ubuntu Security Notice USN-4573-1. Implementing these updates is crucial for safeguarding your systems.
Several security issues were fixed in Vino.

Summary

Several security issues were fixed in Vino.

Software Description:

- vino: VNC server for GNOME

Details:

Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText

messages. A remote attacker could use this issue to cause the server to

crash, resulting in a denial of service. (CVE-2014-6053)

It was discovered that Vino incorrectly handled certain packet lengths. A

remote attacker could possibly use this issue to obtain sensitive

information, cause a denial of service, or execute arbitrary code.

(CVE-2018-7225)

Pavel Cheremushkin discovered that an information disclosure vulnerability

existed in Vino when sending a ServerCutText message. An attacker could

possibly use this issue to expose sensitive information. (CVE-2019-15681)

It was discovered that Vino incorrectly handled region clipping. A remote

attacker could possibly use this issue to cause Vino to crash, resulting in

a denial of service. (CVE-2020-14397)

It was discovered that Vi...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  vino                            3.22.0-5ubuntu2.1

Ubuntu 18.04 LTS:
  vino                            3.22.0-3ubuntu1.1

Ubuntu 16.04 LTS:
  vino                            3.8.1-0ubuntu9.3

After a standard system update you need to restart your session to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-4573-1

CVE-2014-6053, CVE-2018-7225, CVE-2019-15681, CVE-2020-14397,

CVE-2020-14402, CVE-2020-14403, CVE-2020-14404

Severity
important
Lowest
Low
Medium
High
Critical

October 07, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here