openSUSE Security Update : LibVNCServer (openSUSE-2020-1025)

critical Nessus Plugin ID 138828

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for LibVNCServer fixes the following issues :

- security update

- added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak

+ LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()

+ LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service

+ LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c

+ LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c

+ LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.

+ LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.

+ LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c

+ LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.

+ LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected LibVNCServer packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1173477

https://bugzilla.opensuse.org/show_bug.cgi?id=1173691

https://bugzilla.opensuse.org/show_bug.cgi?id=1173694

https://bugzilla.opensuse.org/show_bug.cgi?id=1173700

https://bugzilla.opensuse.org/show_bug.cgi?id=1173701

https://bugzilla.opensuse.org/show_bug.cgi?id=1173743

https://bugzilla.opensuse.org/show_bug.cgi?id=1173874

https://bugzilla.opensuse.org/show_bug.cgi?id=1173875

https://bugzilla.opensuse.org/show_bug.cgi?id=1173876

https://bugzilla.opensuse.org/show_bug.cgi?id=1173880

Plugin Details

Severity: Critical

ID: 138828

File Name: openSUSE-2020-1025.nasl

Version: 1.3

Type: local

Agent: unix

Published: 7/22/2020

Updated: 2/29/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-18922

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libvncserver-devel, p-cpe:/a:novell:opensuse:libvncclient0-debuginfo, p-cpe:/a:novell:opensuse:libvncserver0, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:libvncserver-debugsource, p-cpe:/a:novell:opensuse:libvncserver0-debuginfo, p-cpe:/a:novell:opensuse:libvncclient0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 7/21/2020

Vulnerability Publication Date: 6/17/2020

Reference Information

CVE: CVE-2017-18922, CVE-2018-21247, CVE-2019-20839, CVE-2019-20840, CVE-2020-14397, CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402