UbuntuUpdates.org

Package "libvncclient1"

Name: libvncclient1

Description:

API to write one's own VNC server - client library

Latest version: 0.9.12+dfsg-9ubuntu0.3
Release: focal (20.04)
Level: security
Repository: main
Head package: libvncserver
Homepage: http://libvnc.github.io

Links


Download "libvncclient1"


Other versions of "libvncclient1" in Focal

Repository Area Version
base main 0.9.12+dfsg-9
updates main 0.9.12+dfsg-9ubuntu0.3

Changelog

Version: 0.9.12+dfsg-9ubuntu0.3 2020-11-17 19:06:26 UTC

  libvncserver (0.9.12+dfsg-9ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-25708.patch: fix possible divide-by-zero in
      libvncserver/rfbserver.c.
    - CVE-2020-25708

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Nov 2020 09:32:16 -0300

Source diff to previous version
CVE-2020-25708 libvncserver/rfbserver.c has a divide by zero which could result in DoS

Version: 0.9.12+dfsg-9ubuntu0.2 2020-07-23 20:06:26 UTC

  libvncserver (0.9.12+dfsg-9ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via a long socket filename
    - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
      would overflow in libvncclient/sockets.c.
    - CVE-2019-20839
  * SECURITY UPDATE: NULL pointer dereference in anonTLS mode
    - debian/patches/CVE-2020-14396.patch: Do not dereference NULL cred pointer
      in libvncclient/tls_openssl.c if in anonTLS mode.
    - CVE-2020-14396
  * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
    - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
      to libvncserver/rfbregion.c.
    - CVE-2020-14397
  * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
    - debian/patches/CVE-2020-14398.patch: Close the connection after a certain
      number of retries in libvncclient/sockets.c.
    - CVE-2020-14398
  * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
    - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
      libvncclient/rfbproto.c.
    - CVE-2020-14399
  * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
    - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
      libvncserver/translate.c.
    - CVE-2020-14400
  * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
    - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
      performing bitwise operation.
    - CVE-2020-14401
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
      Check bounds before accessing array value in libvncserver/corre.c,
      libvncserver/hextile.c and libvncserver/rre.c
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404
  * SECURITY UPDATE: unchecked TextChat allocation size
    - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
      libvncclient/rfbproto.c.
    - CVE-2020-14405

 -- Avital Ostromich <email address hidden> Fri, 10 Jul 2020 15:42:39 -0400

Source diff to previous version
CVE-2019-20839 libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2020-14396 An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.
CVE-2020-14397 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14398 An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14399 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
CVE-2020-14400 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
CVE-2020-14401 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14402 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVE-2020-14403 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVE-2020-14404 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVE-2020-14405 An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Version: 0.9.12+dfsg-9ubuntu0.1 2020-07-02 00:07:40 UTC

  libvncserver (0.9.12+dfsg-9ubuntu0.1) focal; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680

 -- Avital Ostromich <email address hidden> Wed, 22 Apr 2020 18:47:50 -0400

CVE-2019-15680 TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to



About   -   Send Feedback to @ubuntu_updates