Package "libvncserver"
Name: libvncserver
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- VNC server to allow remote access to a tty
Latest version: 0.9.9+dfsg-1ubuntu1.4
Release: trusty (14.04)
Level: security
Repository: universe
Changelog
libvncserver (0.9.9+dfsg-1ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2018-*.patch: add upstream commits to fix
      multiple security issues.
    - CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019,
      CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
      CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750

 -- Marc Deslauriers <email address hidden>  Wed, 30 Jan 2019 14:00:33 -0500

CVE-2018-6307: LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension th
CVE-2018-15126: LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension th
CVE-2018-15127: LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extensio
CVE-2018-20019: LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can r
CVE-2018-20020: LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that
CVE-2018-20021: LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allow
CVE-2018-20022: LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code
CVE-2018-20023: LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allow
CVE-2018-20024: LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
CVE-2018-20748: LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...
CVE-2018-20749: LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20750: LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...

libvncserver (0.9.9+dfsg-1ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow or memory access
    - debian/patches/CVE-2018-7225.patch: limit client cut text length to
      1 MB in libvncserver/rfbserver.c.
    - CVE-2018-7225

 -- Marc Deslauriers <email address hidden>  Fri, 30 Mar 2018 10:46:20 -0400

CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a

libvncserver (0.9.9+dfsg-1ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflows in rectangle fill functions
    - debian/patches/CVE-2016-9941.patch: add bounds checking to
      libvncclient/rfbproto.c.
    - CVE-2016-9941
  * SECURITY UPDATE: heap overflow in Ultra type tile decoder
    - debian/patches/CVE-2016-9942.patch: use _safe variant in
      libvncclient/ultra.c.
    - CVE-2016-9942

 -- Marc Deslauriers <email address hidden>  Fri, 06 Jan 2017 07:57:31 -0500

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (applicatio
CVE-2016-9942: Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application c

libvncserver (0.9.9+dfsg-1ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    integer overflow and lack of malloc error handling in
    MallocFrameBuffer()
    - debian/patches/CVE-2014-6051-6052.patch: check size and handle
      return code in libvncclient/vncviewer.c, handle return code in
      libvncclient/rfbproto.c.
    - CVE-2014-6051
    - CVE-2014-6052
  * SECURITY UPDATE: denial of service via large ClientCutText message
    - debian/patches/CVE-2014-6053.patch: check malloc result in
      libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: denial of service via zero scaling factor
    - debian/patches/CVE-2014-6054.patch: prevent zero scaling factor in
      libvncserver/rfbserver.c, check for integer overflow in
      libvncserver/scale.c.
    - CVE-2014-6054
  * SECURITY UPDATE: denial of service and possible code execution via
    stack overflows in File Transfer feature
    - debian/patches/CVE-2014-6055.patch: check sizes in
      libvncserver/rfbserver.c.
    - CVE-2014-6055

 -- Marc Deslauriers <email address hidden>  Thu, 25 Sep 2014 11:40:15 -0400

CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side
CVE-2014-6052: Lack of malloc() return value checking on client side
CVE-2014-6053: Server crash on a very large ClientCutText message
CVE-2014-6054: Server crash when scaling factor is set to zero
CVE-2014-6055: Multiple stack overflows in File Transfer feature