UbuntuUpdates.org

Package "libvncserver"

Name: libvncserver

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • VNC server to allow remote access to a tty

Latest version: 0.9.8.2-2ubuntu1.2
Release: precise (12.04)
Level: updates
Repository: universe

Other versions of "libvncserver" in Precise

Repository Area Version
base main 0.9.8.2-2ubuntu1
base universe 0.9.8.2-2ubuntu1
security main 0.9.8.2-2ubuntu1.2
security universe 0.9.8.2-2ubuntu1.2
updates main 0.9.8.2-2ubuntu1.2

Changelog

Version: 0.9.8.2-2ubuntu1.2 2017-01-11 20:07:20 UTC

  libvncserver (0.9.8.2-2ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflows in rectangle fill functions
    - debian/patches/CVE-2016-9941.patch: add bounds checking to
      libvncclient/rfbproto.c.
    - CVE-2016-9941
  * SECURITY UPDATE: heap overflow in Ultra type tile decoder
    - debian/patches/CVE-2016-9942.patch: use _safe variant in
      libvncclient/ultra.c.
    - CVE-2016-9942

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2017 07:58:40 -0500

CVE-2016-9941 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (applicatio
CVE-2016-9942 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application c

Version: 0.9.8.2-2ubuntu1.1 2014-09-29 20:06:36 UTC

  libvncserver (0.9.8.2-2ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow and lack of malloc error handling in
    MallocFrameBuffer()
    - debian/patches/CVE-2014-6051-6052.patch: check size and handle
      return code in libvncclient/vncviewer.c, handle return code in
      libvncclient/rfbproto.c.
    - CVE-2014-6051
    - CVE-2014-6052
  * SECURITY UPDATE: denial of service via large ClientCutText message
    - debian/patches/CVE-2014-6053.patch: check malloc result in
      libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: denial of service via zero scaling factor
    - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
      libvncserver/rfbserver.c, check for integer overflow in
      libvncserver/scale.c.
    - CVE-2014-6054
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflows in File Transfer feature
    - debian/patches/CVE-2014-6055.patch: check sizes in
      libvncserver/rfbserver.c.
    - CVE-2014-6055

 -- Marc Deslauriers <email address hidden> Thu, 25 Sep 2014 11:50:27 -0400

CVE-2014-6051 Integer overflow in MallocFrameBuffer() on client side
CVE-2014-6052 Lack of malloc() return value checking on client side
CVE-2014-6053 Server crash on a very large ClientCutText message
CVE-2014-6054 Server crash when scaling factor is set to zero
CVE-2014-6055 Multiple stack overflows in File Transfer feature
