Issued:: 2019-01-15
Updated:: 2019-01-15

RHSA-2019:0059 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libvncserver security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvncserver is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.

Security Fix(es):

libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (CVE-2018-15127)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 1661102 - CVE-2018-15127 libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution

CVEs

CVE-2018-15127

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux Workstation 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux Desktop 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
ppc64le
libvncserver-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 36e2a2bd7f1c059159356cd8917b1f3030e74cdbb150ad3eb2ca240b471cb8ee
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-devel-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: ba18e023955adaa26762e3434e55bd6893f9bd4edc568128f029e4095dc09cf5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
ppc64le
libvncserver-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 36e2a2bd7f1c059159356cd8917b1f3030e74cdbb150ad3eb2ca240b471cb8ee
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-devel-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: ba18e023955adaa26762e3434e55bd6893f9bd4edc568128f029e4095dc09cf5

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux for ARM 64 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
aarch64
libvncserver-0.9.9-13.el7_6.aarch64.rpm	SHA-256: 0b3d20030bfb6cfc2f2aa6d23a14ed608c619c57c05c0a42e67f72295f096d12
libvncserver-debuginfo-0.9.9-13.el7_6.aarch64.rpm	SHA-256: 158574cfb265c1297675a40abd23e014f7ca11994f27644570450dc8d71ae868
libvncserver-debuginfo-0.9.9-13.el7_6.aarch64.rpm	SHA-256: 158574cfb265c1297675a40abd23e014f7ca11994f27644570450dc8d71ae868
libvncserver-devel-0.9.9-13.el7_6.aarch64.rpm	SHA-256: 4b679cc9bfba3228c0ab5a3e098f90f52f5a14484db932e7d89114b9a90cbd8c

Red Hat Enterprise Linux for Power 9 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
ppc64le
libvncserver-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 36e2a2bd7f1c059159356cd8917b1f3030e74cdbb150ad3eb2ca240b471cb8ee
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-devel-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: ba18e023955adaa26762e3434e55bd6893f9bd4edc568128f029e4095dc09cf5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
ppc64le
libvncserver-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 36e2a2bd7f1c059159356cd8917b1f3030e74cdbb150ad3eb2ca240b471cb8ee
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-devel-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: ba18e023955adaa26762e3434e55bd6893f9bd4edc568128f029e4095dc09cf5

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
x86_64
libvncserver-0.9.9-13.el7_6.i686.rpm	SHA-256: 22759d4e20158ad9dbfded416a1ae7e15714a509265c6ed2375150e56e325c48
libvncserver-0.9.9-13.el7_6.x86_64.rpm	SHA-256: d8e5d39a036f9008d3985336e9a06626ed98896c9b44a279ba4b93389ef8beda
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.i686.rpm	SHA-256: 15f45596d0a941c31bf298a5424f8f2dc55cb00d225247077d99fb041e574e20
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-debuginfo-0.9.9-13.el7_6.x86_64.rpm	SHA-256: a7d5c146e5c1d1154fc4fea84b10ece976eee473cfee09849fb841a4933550ca
libvncserver-devel-0.9.9-13.el7_6.i686.rpm	SHA-256: bacfbd3a18e97601612d2d849a8749d128061e46c2682d3ea86ac596eb33c4a6
libvncserver-devel-0.9.9-13.el7_6.x86_64.rpm	SHA-256: 90f41e0e706ec99da25b5b8d1430061c0203374f16bbefa1994b6394e5df180d

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libvncserver-0.9.9-13.el7_6.src.rpm	SHA-256: 2b7812a413f65be81dc632e6ac6bd0055470857d36466d0729fe8bdd64e84b59
ppc64le
libvncserver-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 36e2a2bd7f1c059159356cd8917b1f3030e74cdbb150ad3eb2ca240b471cb8ee
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-debuginfo-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: 8325ac56b27b6ceacb2fffd9ed3321089b2583969e9ebfc9a8cb3430a04fbd06
libvncserver-devel-0.9.9-13.el7_6.ppc64le.rpm	SHA-256: ba18e023955adaa26762e3434e55bd6893f9bd4edc568128f029e4095dc09cf5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation