Vulnerability BDU:2020-03958: Information
Description
Уязвимость реализации функции ConnectToRFBRepeater кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| libvncserver | sisyphus | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
| libvncserver | p10 | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
| libvncserver | p9 | 0.9.13-alt1 | 0.9.13-alt1 | ALT-PU-2020-2694-1 | 256808 | Fixed |
| libvncserver | c10f1 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2671-1 | 256807 | Fixed |
| libvncserver | c9f2 | 0.9.13-alt1 | 0.9.13-alt3 | ALT-PU-2020-2694-1 | 256808 | Fixed |
| libvncserver | p11 | 0.9.13-alt1 | 0.9.14-alt1 | ALT-PU-2020-2671-1 | 256807 | Fixed |
References to Advisories, Solutions, and Tools
| Vulnerability Status | Подтверждена производителем |
| Presence of an exploit | Данные уточняются |
| Fix status | Уязвимость устранена |
| Software Type | Прикладное ПО информационных систем, Операционная система |
| Solution | Использование рекомендаций: Для LibVNCServer: https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/issues/253 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2018-21247 Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/ Для программных продуктов Novell Inc.: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html Для ОСОН Основа: Обновление программного обеспечения libvncserver до версии 0.9.13+dfsg-3osnova2 |
| Sources | http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://github.com/LibVNC/libvncserver/compare/LibVNCServer-0.9.12...LibVNCServer-0.9.13 https://github.com/LibVNC/libvncserver/issues/253 Issue Tracking Third Party Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ |
| Other system identifiers |