UbuntuUpdates.org

Package "libvncserver"

Name: libvncserver

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • API to write one's own VNC server - client library
  • debugging symbols for libvncclient
  • API to write one's own VNC server - library utility
  • API to write one's own VNC server - development files

Latest version: 0.9.10+dfsg-3ubuntu0.16.04.5
Release: xenial (16.04)
Level: security
Repository: main

Links



Other versions of "libvncserver" in Xenial

Repository Area Version
base main 0.9.10+dfsg-3build1
updates main 0.9.10+dfsg-3ubuntu0.16.04.5

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.9.10+dfsg-3ubuntu0.16.04.5 2020-07-23 20:06:20 UTC

  libvncserver (0.9.10+dfsg-3ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via a long socket filename
    - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
      would overflow in libvncclient/sockets.c.
    - CVE-2019-20839
  * SECURITY UPDATE: unaligned accesses in hybiReadAndDecode can lead to a
    crash
    - debian/patches/CVE-2019-20840.patch: Ensure a proper stack alignment in
      libvncserver/websockets.c.
    - CVE-2019-20840
  * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
    - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
      to libvncserver/rfbregion.c.
    - CVE-2020-14397
  * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
    - debian/patches/CVE-2020-14398.patch: Close the connection after a certain
      number of retries in libvncclient/sockets.c.
    - CVE-2020-14398
  * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
    - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
      libvncclient/rfbproto.c.
    - CVE-2020-14399
  * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
    - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
      libvncserver/translate.c.
    - CVE-2020-14400
  * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
    - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
      performing bitwise operation.
    - CVE-2020-14401
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
      Check bounds before accessing array value in libvncserver/corre.c,
      libvncserver/hextile.c and libvncserver/rre.c
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404
  * SECURITY UPDATE: unchecked TextChat allocation size
    - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
      libvncclient/rfbproto.c.
    - CVE-2020-14405

 -- Avital Ostromich <email address hidden> Tue, 14 Jul 2020 09:52:11 -0400

Source diff to previous version
CVE-2019-20839 libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
CVE-2019-20840 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecod
CVE-2020-14397 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-14398 An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
CVE-2020-14399 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
CVE-2020-14400 An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
CVE-2020-14401 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
CVE-2020-14402 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVE-2020-14403 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVE-2020-14404 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
CVE-2020-14405 An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

Version: 0.9.10+dfsg-3ubuntu0.16.04.4 2020-07-02 00:07:13 UTC

  libvncserver (0.9.10+dfsg-3ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - debian/patches/encode_decode_buffers.patch: split codeBuf variable into
      encode and decode variables, allowing CVE patch to apply.
    - CVE-2017-18922

 -- Avital Ostromich <email address hidden> Tue, 30 Jun 2020 11:11:21 -0400

Source diff to previous version
CVE-2019-15680 TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st
CVE-2019-20788 libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or wi
CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...

Version: 0.9.10+dfsg-3ubuntu0.16.04.3 2019-01-31 20:07:10 UTC

  libvncserver (0.9.10+dfsg-3ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2018-*.patch: add upstream commits to fix
      multiple security issues.
    - debian/libvncserver1.symbols: updated for new symbols.
    - CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019,
      CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
      CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750

 -- Marc Deslauriers <email address hidden> Wed, 30 Jan 2019 13:24:30 -0500

Source diff to previous version
CVE-2018-6307 LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension th
CVE-2018-15126 LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension th
CVE-2018-15127 LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extensio
CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can r
CVE-2018-20020 LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that
CVE-2018-20021 LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allow
CVE-2018-20022 LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code
CVE-2018-20023 LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allow
CVE-2018-20024 LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null pointer dereference in VNC client code that can result DoS.
CVE-2018-20748 LibVNC before 0.9.12 contains multiple heap out-of-bounds write ...
CVE-2018-20749 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability ...
CVE-2018-20750 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability ...

Version: 0.9.10+dfsg-3ubuntu0.16.04.2 2018-04-04 16:06:46 UTC

  libvncserver (0.9.10+dfsg-3ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow or memory access
    - debian/patches/CVE-2018-7225.patch: limit client cut text length to
      1 MB in libvncserver/rfbserver.c.
    - CVE-2018-7225

 -- Marc Deslauriers <email address hidden> Fri, 30 Mar 2018 10:40:42 -0400

Source diff to previous version
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a

Version: 0.9.10+dfsg-3ubuntu0.16.04.1 2017-01-11 19:07:39 UTC

  libvncserver (0.9.10+dfsg-3ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: heap overflows in rectangle fill functions
    - debian/patches/CVE-2016-9941.patch: add bounds checking to
      libvncclient/rfbproto.c.
    - CVE-2016-9941
  * SECURITY UPDATE: heap overflow in Ultra type tile decoder
    - debian/patches/CVE-2016-9942.patch: use _safe variant in
      libvncclient/ultra.c.
    - CVE-2016-9942

 -- Marc Deslauriers <email address hidden> Fri, 06 Jan 2017 07:55:19 -0500

CVE-2016-9941 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (applicatio
CVE-2016-9942 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application c



About   -   Send Feedback to @ubuntu_updates