[SECURITY] [DLA 2490-1] x11vnc security update

2020-12-1021:30:12

lists.debian.org

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.9%

JSON

Debian LTS Advisory DLA-2490-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
December 10, 2020 https://wiki.debian.org/LTS

Package : x11vnc
Version : 0.9.13-2+deb9u2
CVE ID : CVE-2020-29074

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote
access to an existing X session. x11vnc creates shared memory segments
with 0777 mode. A local attacker can take advantage of this flaw for
information disclosure, denial of service or interfering with the VNC
session of another user on the host.

For Debian 9 stretch, this problem has been fixed in version
0.9.13-2+deb9u2.

We recommend that you upgrade your x11vnc packages.

For the detailed security status of x11vnc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/x11vnc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9armhfx11vnc< 0.9.13-2+deb9u2x11vnc_0.9.13-2+deb9u2_armhf.deb
Debian10amd64x11vnc-dbgsym< 0.9.13-6+deb10u1x11vnc-dbgsym_0.9.13-6+deb10u1_amd64.deb
Debian9armelx11vnc< 0.9.13-2+deb9u2x11vnc_0.9.13-2+deb9u2_armel.deb
Debian10amd64x11vnc< 0.9.13-6+deb10u1x11vnc_0.9.13-6+deb10u1_amd64.deb
Debian10allx11vnc-data< 0.9.13-6+deb10u1x11vnc-data_0.9.13-6+deb10u1_all.deb
Debian10mipselx11vnc< 0.9.13-6+deb10u1x11vnc_0.9.13-6+deb10u1_mipsel.deb
Debian9allx11vnc-data< 0.9.13-2+deb9u2x11vnc-data_0.9.13-2+deb9u2_all.deb
Debian10armelx11vnc< 0.9.13-6+deb10u1x11vnc_0.9.13-6+deb10u1_armel.deb
Debian10i386x11vnc-dbgsym< 0.9.13-6+deb10u1x11vnc-dbgsym_0.9.13-6+deb10u1_i386.deb
Debian10mips64elx11vnc< 0.9.13-6+deb10u1x11vnc_0.9.13-6+deb10u1_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armhf	x11vnc	< 0.9.13-2+deb9u2	x11vnc_0.9.13-2+deb9u2_armhf.deb
Debian	10	amd64	x11vnc-dbgsym	< 0.9.13-6+deb10u1	x11vnc-dbgsym_0.9.13-6+deb10u1_amd64.deb
Debian	9	armel	x11vnc	< 0.9.13-2+deb9u2	x11vnc_0.9.13-2+deb9u2_armel.deb
Debian	10	amd64	x11vnc	< 0.9.13-6+deb10u1	x11vnc_0.9.13-6+deb10u1_amd64.deb
Debian	10	all	x11vnc-data	< 0.9.13-6+deb10u1	x11vnc-data_0.9.13-6+deb10u1_all.deb
Debian	10	mipsel	x11vnc	< 0.9.13-6+deb10u1	x11vnc_0.9.13-6+deb10u1_mipsel.deb
Debian	9	all	x11vnc-data	< 0.9.13-2+deb9u2	x11vnc-data_0.9.13-2+deb9u2_all.deb
Debian	10	armel	x11vnc	< 0.9.13-6+deb10u1	x11vnc_0.9.13-6+deb10u1_armel.deb
Debian	10	i386	x11vnc-dbgsym	< 0.9.13-6+deb10u1	x11vnc-dbgsym_0.9.13-6+deb10u1_i386.deb
Debian	10	mips64el	x11vnc	< 0.9.13-6+deb10u1	x11vnc_0.9.13-6+deb10u1_mips64el.deb