Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -7 articles for you...
197

Debian: DLA-2045-1 Critical: TightVNC Denial Of Service Issues

Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix. . Package : tightvnc Version : 1.3.9-6.5+deb8u1 CVE ID : CVE-2014-6053 CVE-2018-7225 CVE-2019-8287 CVE-2018-20021 CVE-2018-20022 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 Debian Bug : 945364 Several vulnerabilities have recently been discovered in TightVNC 1.x, an X11 based VNC server/viewer application for Windows and Unix. CVE-2014-6053 The rfbProcessClientNormalMessage function in rfbserver.c in TightVNC server did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc. CVE-2018-7225 rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. CVE-2019-8287 TightVNC code contained global buffer overflow in HandleCoRREBBP macro function, which could potentially have result in code execution. This attack appeared to be exploitable via network connectivity. (aka CVE-2018-20020/libvncserver) CVE-2018-20021 TightVNC in vncviewer/rfbproto.c contained a CWE-835: Infinite loop vulnerability. The vulnerability allowed an attacker to consume an excessive amount of resources like CPU and RAM. CVE-2018-20022 TightVNC's vncviewer contained multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allowed attackers to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memorylayout and in bypassing ASLR. CVE-2019-15678 TightVNC code version contained heap buffer overflow in rfbServerCutText handler, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15679 TightVNC's vncviewer code contained a heap buffer overflow in InitialiseRFBConnection function, which could have potentially resulted in code execution. This attack appeared to be exploitable via network connectivity. (partially aka CVE-2018-20748/libvnvserver) CVE-2019-15680 TightVNC's vncviewer code contained a null pointer dereference in HandleZlibBPP function, which could have resulted in Denial of System (DoS). This attack appeared to be exploitable via network connectivity. CVE-2019-15681 TightVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could have been abused for information disclosure. Combined with another vulnerability, it could have been used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity. For Debian 8 "Jessie", these problems have been fixed in version 1.3.9-6.5+deb8u1. We recommend that you upgrade your tightvnc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: This email address is being protected from spambots. You need JavaScript enabled to view it., https://sunweavers.net/ . A recent TightVNC patch resolves several security flaws in release 1.3.9-6.5+deb8u1, aimed at improving both safety and performance.. TightVNC Security, Debian Update, Network Security, Denial Of Service, Buffer Overflow. . LinuxSecurity.com Team

Calendar%202 Dec 21, 2019 Debian LTS
100

SUSE: 2019:14235-1 Important: Tightvnc Code Execution and DoS Fixes

An update that fixes four vulnerabilities is now available. . SUSE Security Update: Security update for tightvnc ______________________________________________________________________________ Announcement ID: SUSE-SU-2019:14235-1 Rating: important References: #1155442 #1155452 #1155472 #1155476 Cross-References: CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-8287 Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Debuginfo 11-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for tightvnc fixes the following issues: - CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection which might lead to code execution (bsc#1155476). - CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which might lead to code execution (bsc#1155472). - CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which could have led to denial of service (bsc#1155452). - CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler (bsc#1155442). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-tightvnc-14235=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-tightvnc-14235=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-tightvnc-14235=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-tightvnc-14235=1 Package List: - SUSE LinuxEnterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): tightvnc-1.3.9-81.15.3.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): tightvnc-1.3.9-81.15.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): tightvnc-debuginfo-1.3.9-81.15.3.1 tightvnc-debugsource-1.3.9-81.15.3.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): tightvnc-debuginfo-1.3.9-81.15.3.1 tightvnc-debugsource-1.3.9-81.15.3.1 References: https://www.suse.com/security/cve/CVE-2019-15678.html https://www.suse.com/security/cve/CVE-2019-15679.html https://www.suse.com/security/cve/CVE-2019-15680.html https://www.suse.com/security/cve/CVE-2019-8287.html https://bugzilla.suse.com/1155442 https://bugzilla.suse.com/1155452 https://bugzilla.suse.com/1155472 https://bugzilla.suse.com/1155476 _______________________________________________ sle-security-updates mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. http://lists.suse.com/mailman/listinfo/sle-security-updates . SUSE tightvnc upgrade addresses critical security flaws, bolstering system robustness and mitigating prospective threats.. SUSE Security Update,TightVNC,Heap Overflow,Bug Fix. . LinuxSecurity.com Team

Calendar%202 Nov 29, 2019 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is application sandboxing truly safe?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/155-is-application-sandboxing-truly-safe?task=poll.vote&format=json
155
radio
0
[{"id":500,"title":"Malware still escapes container walls.","votes":1,"type":"x","order":1,"pct":33.33,"resources":[]},{"id":501,"title":"Supply chains corrupt trusted packages.","votes":0,"type":"x","order":2,"pct":0,"resources":[]},{"id":502,"title":"Convenience consistently compromises strict security.","votes":2,"type":"x","order":3,"pct":66.67,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200