ALAS2-2019-1161


Amazon Linux 2 Security Advisory: ALAS-2019-1161
Advisory Release Date: 2019-02-14 04:06 Pacific
Severity: Important
References: CVE-2018-15127 

Issue Overview:

LibVNC contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution (CVE-2018-15127 )


Affected Packages:

libvncserver


Issue Correction:
Run yum update libvncserver to update your system.

New Packages:
aarch64:
    libvncserver-0.9.9-13.amzn2.aarch64
    libvncserver-devel-0.9.9-13.amzn2.aarch64
    libvncserver-debuginfo-0.9.9-13.amzn2.aarch64

i686:
    libvncserver-0.9.9-13.amzn2.i686
    libvncserver-devel-0.9.9-13.amzn2.i686
    libvncserver-debuginfo-0.9.9-13.amzn2.i686

src:
    libvncserver-0.9.9-13.amzn2.src

x86_64:
    libvncserver-0.9.9-13.amzn2.x86_64
    libvncserver-devel-0.9.9-13.amzn2.x86_64
    libvncserver-debuginfo-0.9.9-13.amzn2.x86_64