Issued:: 2020-03-23
Updated:: 2020-03-23

RHSA-2020:0913 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libvncserver security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libvncserver is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.

Security Fix(es):

libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 1811948 - CVE-2019-15690 libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Server - AUS 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Workstation 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Desktop 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux for Power, little endian 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
ppc64le
libvncserver-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 87022da4f4b60725719d36fbb5fb26c3a63d4a60580a505fc2511dac26672851
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-devel-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 63c91be2054c6220d4b2434ae153095d20f7c068227e4b6d0636aa1bc5f1f026

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
ppc64le
libvncserver-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 87022da4f4b60725719d36fbb5fb26c3a63d4a60580a505fc2511dac26672851
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-devel-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 63c91be2054c6220d4b2434ae153095d20f7c068227e4b6d0636aa1bc5f1f026

Red Hat Enterprise Linux Server - TUS 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
ppc64le
libvncserver-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 87022da4f4b60725719d36fbb5fb26c3a63d4a60580a505fc2511dac26672851
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-devel-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 63c91be2054c6220d4b2434ae153095d20f7c068227e4b6d0636aa1bc5f1f026

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
x86_64
libvncserver-0.9.9-14.el7_7.i686.rpm	SHA-256: 42ceeacf99be75ff788caa7bd3bd3ebeeb2a5de08bb3945f97ab6892f0107381
libvncserver-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 4a8fec0ed78e542b99f2098276f1256b8d8576ef1dc5906f0104b499e2e3c777
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.i686.rpm	SHA-256: b868b51e0c9c17ca4481ffa6364dbc36de4e78f7440aba14a7afefabaee87bd4
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 0db71a0d33335d3a46476a16924c9f1ac6384ad97e082183ffa0e0f5f8ee5bbc
libvncserver-devel-0.9.9-14.el7_7.i686.rpm	SHA-256: d2edd6dae3cd6323748840bf3ee8e26be5c4b6715e4a3b0c1dfb080819bb9939
libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm	SHA-256: 1fd2de5ecff488de469afd25fd7dbec76706804917f6c259811af04c53f0c708

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
libvncserver-0.9.9-14.el7_7.src.rpm	SHA-256: 152fe46be71d77dc6f106d7a3f538c22d8a3413e492dbdd0628df0ba5afd4d3b
ppc64le
libvncserver-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 87022da4f4b60725719d36fbb5fb26c3a63d4a60580a505fc2511dac26672851
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-debuginfo-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: e8bfa66c08a4aa78d7893ff9e5cd4f06c7e5a7fd5d241299026b88f42055a97a
libvncserver-devel-0.9.9-14.el7_7.ppc64le.rpm	SHA-256: 63c91be2054c6220d4b2434ae153095d20f7c068227e4b6d0636aa1bc5f1f026

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation