MGASA-2020-0439 - Updated vino package fixes a security vulnerability

Publication date: 23 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0439.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-25708

libvncserver/rfbserver.c from LibVNCServer, which is bundled by vino, has a divide by zero issue which could result in denial of service (CVE-2020-25708).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27636
- https://ubuntu.com/security/notices/USN-4636-1
- https://www.cve.org/CVERecord?id=CVE-2020-25708

SRPMS:
- 7/core/vino-3.22.0-3.3.mga7

Severity: Important
LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-4573-1
October 07, 2020

vino vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Vino.

Software Description:
- vino: VNC server for GNOME

Details:

Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2014-6053)

It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. (CVE-2018-7225)

Pavel Cheremushkin discovered that an information disclosure vulnerability existed in Vino when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681)

It was discovered that Vino incorrectly handled region clipping. A remote attacker could possibly use this issue to cause Vino to crash, resulting in a denial of service. (CVE-2020-14397)

It was discovered that Vino incorrectly handled encodings. A remote attacker could use this issue to cause Vino to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  vino 3.22.0-5ubuntu2.1

Ubuntu 18.04 LTS:
  vino 3.22.0-3ubuntu1.1

Ubuntu 16.04 LTS:
  vino 3.8.1-0ubuntu9.3

After a standard system update you need to restart your session to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4573-1
  CVE-2014-6053, CVE-2018-7225, CVE-2019-15681, CVE-2020-14397, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404

Package Information:
  https://launchpad.net/ubuntu/+source/vino/3.22.0-5ubuntu2.1
  https://launchpad.net/ubuntu/+source/vino/3.22.0-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/vino/3.8.1-0ubuntu9.3

Severity: Important

openSUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1071-1
Rating: moderate
References: #1155419
Cross-References: CVE-2019-15681
Affected Products: openSUSE Leap 15.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for vino fixes the following issues:

- CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-1071=1

Package List:

- openSUSE Leap 15.1 (x86_64):

  vino-3.22.0-lp151.4.3.1
  vino-debuginfo-3.22.0-lp151.4.3.1
  vino-debugsource-3.22.0-lp151.4.3.1

- openSUSE Leap 15.1 (noarch):

  vino-lang-3.22.0-lp151.4.3.1

References:

  https://www.suse.com/security/cve/CVE-2019-15681.html
  https://bugzilla.suse.com/1155419

SUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2009-1
Rating: moderate
References: #1155419
Cross-References: CVE-2019-15681
Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for vino fixes the following issues:

- CVE-2019-15681: Fixed a memory leak which could have allowed a remote attacker to read stack memory (bsc#1155419).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1:

  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2009=1

Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):

  vino-3.22.0-3.6.76
  vino-debuginfo-3.22.0-3.6.76
  vino-debugsource-3.22.0-3.6.76

- SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (noarch):

  vino-lang-3.22.0-3.6.76

References:

  https://www.suse.com/security/cve/CVE-2019-15681.html
  https://bugzilla.suse.com/1155419

MGASA-2020-0288 - Updated vino packages fix security vulnerability

Publication date: 10 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0288.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-14397, CVE-2020-14400, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404

The updated package fixes security vulnerabilities:

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. (CVE-2020-14397)

Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. (CVE-2020-14400)

libvncserver/corre.c allows out-of-bounds access via encodings. (CVE-2020-14402)

libvncserver/hextile.c allows out-of-bounds access via encodings. (CVE-2020-14403)

An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. (CVE-2020-14404)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26882
- https://lists.debian.org/debian-lts-announce/2020/06/msg00035.html
- https://www.cve.org/CVERecord?id=CVE-2020-14397
- https://www.cve.org/CVERecord?id=CVE-2020-14400
- https://www.cve.org/CVERecord?id=CVE-2020-14402
- https://www.cve.org/CVERecord?id=CVE-2020-14403
- https://www.cve.org/CVERecord?id=CVE-2020-14404

SRPMS:
- 7/core/vino-3.22.0-3.2.mga7

Package        : vino
Version        : 3.14.0-2+deb8u1
CVE ID         : CVE-2014-6053 CVE-2018-7225 CVE-2019-15681
Debian Bug     : 945784

Several vulnerabilities have been identified in the VNC code of vino, a desktop sharing utility for the GNOME desktop environment.

The vulnerabilities referenced below are issues that have originally been reported against Debian source package libvncserver. The vino source package in Debian ships a custom-patched and stripped down variant of libvncserver, thus some of libvncserver's security fixes required porting over.

CVE-2014-6053

    The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc.

CVE-2018-7225

    An issue was discovered in LibVNCServer. rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2019-15681

    LibVNC contained a memory leak (CWE-655) in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity.

For Debian 8 "Jessie", these problems have been fixed in version 3.14.0-2+deb8u1.

We recommend that you upgrade your vino packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail:

SUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1631-2
Rating: important
References: #843174
Cross-References: CVE-2013-5745
Affected Products: SUSE Linux Enterprise Server 11 SP3 for VMware
                   SUSE Linux Enterprise Server 11 SP3
                   SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

vino has been updated to fix a remote denial of service problem where remote attackers could have caused an infinite loop in vino (CPU consumption). (CVE-2013-5745)

Security Issue reference:

* CVE-2013-5745

Patch Instructions:

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP3 for VMware:

  zypper in -t patch slessp3-vino-8443

- SUSE Linux Enterprise Server 11 SP3:

  zypper in -t patch slessp3-vino-8443

- SUSE Linux Enterprise Desktop 11 SP3:

  zypper in -t patch sledsp3-vino-8443

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

References:

  https://www.suse.com/security/cve/CVE-2013-5745.html

Severity: Important

SUSE Security Update: Security update for vino
______________________________________________________________________________

Announcement ID: SUSE-SU-2013:1631-1
Rating: important
References: #843174
Cross-References: CVE-2013-5745
Affected Products: SUSE Linux Enterprise Server 11 SP2 for VMware
                   SUSE Linux Enterprise Server 11 SP2
                   SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

vino has been updated to fix a remote denial of service problem where remote attackers could have caused an infinite loop in vino (CPU consumption). (CVE-2013-5745)

Security Issue reference:

* CVE-2013-5745

Patch Instructions:

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11 SP2 for VMware:

  zypper in -t patch slessp2-vino-8442

- SUSE Linux Enterprise Server 11 SP2:

  zypper in -t patch slessp2-vino-8442

- SUSE Linux Enterprise Desktop 11 SP2:

  zypper in -t patch sledsp2-vino-8442

To bring your system up-to-date, use "zypper patch".

Package List:

- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

  vino-2.28.1-2.5.1
  vino-lang-2.28.1-2.5.1

References:

  https://www.suse.com/security/cve/CVE-2013-5745.html

Severity: Important