vino vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
* Ubuntu 20.04 LTS
* Ubuntu 18.04 LTS
* Ubuntu 16.04 LTS
Summary
Several security issues were fixed in Vino.
Software Description
* vino - VNC server for GNOME
Details
Nicolas Ruff discovered that Vino incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to
cause the server to crash, resulting in a denial of service.
(CVE-2014-6053)
It was discovered that Vino incorrectly handled certain packet
lengths. A remote attacker could possibly use this issue to obtain
sensitive information, cause a denial of service, or execute
arbitrary code. (CVE-2018-7225)
Pavel Cheremushkin discovered that an information disclosure
vulnerability existed in Vino when sending a ServerCutText
message. An attacker could possibly use this issue to expose
sensitive information. (CVE-2019-15681)
It was discovered that Vino incorrectly handled region clipping. A
remote attacker could possibly use this issue to cause Vino to
crash, resulting in a denial of service. (CVE-2020-14397)
It was discovered that Vino incorrectly handled encodings. A
remote attacker could use this issue to cause Vino to crash,
resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2020-14402, CVE-2020-14403, CVE-2020-14404)
Update instructions
The problem can be corrected by updating your system to the
following package versions:
Ubuntu 20.04 LTS
vino - 3.22.0-5ubuntu2.1
Ubuntu 18.04 LTS
vino - 3.22.0-3ubuntu1.1
Ubuntu 16.04 LTS
vino - 3.8.1-0ubuntu9.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart your session to
make all the necessary changes.
References
* CVE-2014-6053
* CVE-2018-7225
* CVE-2019-15681
* CVE-2020-14397
* CVE-2020-14402
* CVE-2020-14403
* CVE-2020-14404