Ubuntu
libvncserver package

libvncserver 0.9.11+dfsg-1.3ubuntu0.1 source package in Ubuntu

Changelog

libvncserver (0.9.11+dfsg-1.3ubuntu0.1) eoan-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - CVE-2017-18922

 -- Avital Ostromich <email address hidden>  Tue, 30 Jun 2020 11:53:25 -0400

Upload details

Uploaded by:
Avital Ostromich
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libvncserver_0.9.11+dfsg.orig.tar.gz 513.4 KiB ea27be2b923cc5e89fb2d93415fdc2373c90cdd2379cf9c671fa234482c69509
libvncserver_0.9.11+dfsg-1.3ubuntu0.1.debian.tar.xz 27.4 KiB c1cd79248079f6084dd6236f384788024cea26a6ff490f1ef6de306d6acd4d79
libvncserver_0.9.11+dfsg-1.3ubuntu0.1.dsc 2.3 KiB c2b7aa4e1b582fee25d15f907194f2592feb8db01a249ac9334d0c17caa2b971

View changes file

Binary packages built by this source

libvncclient1: No summary available for libvncclient1 in ubuntu eoan.

No description available for libvncclient1 in ubuntu eoan.

libvncclient1-dbg: No summary available for libvncclient1-dbg in ubuntu eoan.

No description available for libvncclient1-dbg in ubuntu eoan.

libvncserver-config: No summary available for libvncserver-config in ubuntu eoan.

No description available for libvncserver-config in ubuntu eoan.

libvncserver-dev: No summary available for libvncserver-dev in ubuntu eoan.

No description available for libvncserver-dev in ubuntu eoan.

libvncserver1: No summary available for libvncserver1 in ubuntu eoan.

No description available for libvncserver1 in ubuntu eoan.

libvncserver1-dbg: No summary available for libvncserver1-dbg in ubuntu eoan.

No description available for libvncserver1-dbg in ubuntu eoan.