Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0242
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0242)
Zusammenfassung:	The remote host is missing an update for the 'vino' package(s) announced via the MGASA-2020-0242 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'vino' package(s) announced via the MGASA-2020-0242 advisory. Vulnerability Insight: Updated vino packages fix security vulnerabilities: The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer did not properly handle attempts to send a large amount of ClientCutText data, which allowed remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that was processed by using a single unchecked malloc (CVE-2014-6053). An issue was discovered in LibVNCServer. rfbProcessClientNormalMessage() in rfbserver.c did not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets (CVE-2018-7225). LibVNC contained a memory leak in VNC server code, which allowed an attacker to read stack memory and could be abused for information disclosure. Combined with another vulnerability, it could be used to leak stack memory and bypass ASLR. This attack appeared to be exploitable via network connectivity (CVE-2019-15681). The bundled libvncserver code in vino has been patched to fix these issues. Affected Software/OS: 'vino' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6053 Debian Security Information: DSA-3081 (Google Search) http://www.debian.org/security/2014/dsa-3081 https://security.gentoo.org/glsa/201507-07 http://www.ocert.org/advisories/ocert-2014-007.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html http://seclists.org/oss-sec/2014/q3/639 http://www.openwall.com/lists/oss-security/2014/09/25/11 http://secunia.com/advisories/61506 http://secunia.com/advisories/61682 SuSE Security Announcement: openSUSE-SU-2015:2207 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://ubuntu.com/usn/usn-2365-1 https://usn.ubuntu.com/4573-1/ https://usn.ubuntu.com/4587-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7225 BugTraq ID: 103107 http://www.securityfocus.com/bid/103107 Debian Security Information: DSA-4221 (Google Search) https://www.debian.org/security/2018/dsa-4221 https://security.gentoo.org/glsa/201908-05 http://www.openwall.com/lists/oss-security/2018/02/18/1 https://github.com/LibVNC/libvncserver/issues/218 https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html RedHat Security Advisories: RHSA-2018:1055 https://access.redhat.com/errata/RHSA-2018:1055 https://usn.ubuntu.com/3618-1/ https://usn.ubuntu.com/4547-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-15681 https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html SuSE Security Announcement: openSUSE-SU-2020:0624 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html SuSE Security Announcement: openSUSE-SU-2020:1071 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html https://usn.ubuntu.com/4407-1/
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.