Explore top 10 tips to secure your open-source projects now. Read More
×
Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix. . Package : tightvnc Version : 1.3.9-6.5+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 Debian Bug : 945364 Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix. CVE-2014-6053 The rfbProcessClientNormalMessage function in rfbserver.c in TightVNC server did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc. CVE-2018-7225 rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. CVE-2019-8287 TightVNC code contained global buffer overflow in HandleCoRREBBP macro function, which could potentially have result in code execution. This attack appeared to be exploitable via network connectivity. (aka CVE-2018-20020/libvncserver) CVE-2018-20021 TightVNC in vncviewer/rfbproto.c contained a CWE-835: Infinite loop vulnerability. The vulnerability allowed an attacker to consume an excessive amount of resources like CPU and RAM. CVE-2018-20022 TightVNC's vncviewer contained multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allowed attackers to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memorylayout and in bypassing ASLR. CVE-2019-15678 TightVNC code version contained heap buffer overflow in rfbServerCutText handler, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15679 TightVNC's vncviewer code contained a heap buffer overflow in InitialiseRFBConnection function, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15680 TightVNC's vncviewer code contained a null pointer dereference in HandleZlibBPP function, which could have resulted in Denial of System (DoS). This attack appeared to be exploitable via network connectivity. CVE-2019-15681 TightVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could have been abused for information disclosure. Combined with another vulnerability, it could have been used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity. For Debian 8 "Jessie", these problems have been fixed in version 1.3.9-6.5+deb8u1. We recommend that you upgrade your tightvnc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail:
An update that fixes four vulnerabilities is now available. . SUSE Security Update: Security update for tightvnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14235-1 Rating: important References: #1155442 #1155452 #1155472 #1155476 Cross-References: CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tightvnc-14235=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tightvnc-14235=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tightvnc-14235=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tightvnc-14235=1 Package List: - SUSE LinuxEnterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): tightvnc-1.3.9-81.15.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): tightvnc-1.3.9-81.15.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): tightvnc-debuginfo-1.3.9-81.15.3.1 tightvnc-debugsource-1.3.9-81.15.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): tightvnc-debuginfo-1.3.9-81.15.3.1 tightvnc-debugsource-1.3.9-81.15.3.1 References: https://www.suse.com/security/cve/CVE-2019-15678.html https://www.suse.com/security/cve/CVE-2019-15679.html https://www.suse.com/security/cve/CVE-2019-15680.html https://www.suse.com/security/cve/CVE-2019-8287.html https://bugzilla.suse.com/1155442 https://bugzilla.suse.com/1155452 https://bugzilla.suse.com/1155472 https://bugzilla.suse.com/1155476 _______________________________________________ sle-security-updates mailing list
Get the latest Linux and open source security news straight to your inbox.