安全公告详情

NS-SA-2020-0038

2020-09-07 19:57:16

简介

important: libvncserver/tomcat security update

严重级别

important

主题

An update for libvncserver/tomcat is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

libvncserver: LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata.
tomcat: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.


Security Fix(es):
libvncserver: A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2019-15690)
libvncserver: A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability.(CVE-2019-20788)
libvncserver: bugfix
tomcat: is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE). It affects the version of Apache Tomcat 9 before 9.0.31, Tomcat 8 before 8.5.51, and Tomcat 7 before 7.0.100.(CVE-2020-1938)
tomcat: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F24.

影响组件

  • libvncserver
  • tomcat

影响产品

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

更新包

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["libvncserver-0.9.9-14.el7_7.x86_64.rpm","libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm","libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm"],"source":"libvncserver-0.9.9-14.el7_7.src.rpm"},{"binary":["tomcat-7.0.76-11.el7_7.noarch.rpm","tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm","tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm","tomcat-lib-7.0.76-11.el7_7.noarch.rpm","tomcat-webapps-7.0.76-11.el7_7.noarch.rpm"],"source":"tomcat-7.0.76-11.el7_7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["libvncserver-0.9.9-14.el7_7.x86_64.rpm","libvncserver-devel-0.9.9-14.el7_7.x86_64.rpm","libvncserver-debuginfo-0.9.9-14.el7_7.x86_64.rpm"],"source":"libvncserver-0.9.9-14.el7_7.src.rpm"},{"binary":["tomcat-7.0.76-11.el7_7.noarch.rpm","tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm","tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm","tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm","tomcat-lib-7.0.76-11.el7_7.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm","tomcat-webapps-7.0.76-11.el7_7.noarch.rpm"],"source":"tomcat-7.0.76-11.el7_7.src.rpm"}]}]}

CVE

参考