UbuntuUpdates.org

Package "libvncserver"

Name: libvncserver

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • API to write one's own VNC server - client library
  • debugging symbols for libvncclient
  • API to write one's own VNC server - library utility
  • API to write one's own VNC server - development files

Latest version: 0.9.11+dfsg-1.3ubuntu0.1
Release: eoan (19.10)
Level: updates
Repository: main

Other versions of "libvncserver" in Eoan

Repository  Area  Version
base        main  0.9.11+dfsg-1.3
security    main  0.9.11+dfsg-1.3ubuntu0.1

Changelog

Version: 0.9.11+dfsg-1.3ubuntu0.1 2020-07-02 02:06:24 UTC

  libvncserver (0.9.11+dfsg-1.3ubuntu0.1) eoan-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - CVE-2017-18922

 -- Avital Ostromich <email address hidden> Tue, 30 Jun 2020 11:53:25 -0400

CVE-2019-15680 TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st
CVE-2019-20788 libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or wi
CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...


