UbuntuUpdates.org

Package "vino"

Name: vino

Description:

VNC server for GNOME

Latest version: 3.8.1-0ubuntu9.4
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://live.gnome.org/Vino

Links


Download "vino"


Other versions of "vino" in Xenial

Repository Area Version
base main 3.8.1-0ubuntu9
security main 3.8.1-0ubuntu9.4

Changelog

Version: 3.8.1-0ubuntu9.4 2020-11-17 21:07:00 UTC

  vino (3.8.1-0ubuntu9.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-25708.patch: fix possible divide-by-zero in
      server/libvncserver/rfbserver.c.
    - CVE-2020-25708

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Nov 2020 12:56:51 -0300

Source diff to previous version
CVE-2020-25708 libvncserver/rfbserver.c has a divide by zero which could result in DoS

Version: 3.8.1-0ubuntu9.3 2020-10-07 15:06:17 UTC

  vino (3.8.1-0ubuntu9.3) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via unchecked malloc
    - debian/patches/CVE-2014-6053.patch: check malloc() return value in
      server/libvncserver/rfbserver.c.
    - CVE-2014-6053
  * SECURITY UPDATE: client cut length issue
    - debian/patches/CVE-2018-7225.patch: limit client cut text length to
      1 MB in server/libvncserver/rfbserver.c.
    - CVE-2018-7225
  * SECURITY UPDATE: information disclosure via memory leak
    - debian/patches/CVE-2019-15681.patch: don't leak stack memory to the
      remote in server/libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2020-14397.patch: add missing NULL pointer checks
      in server/libvncserver/rfbregion.c, server/libvncserver/rfbserver.c.
    - CVE-2020-14397
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-1440x.patch: prevent OOB accesses in
      server/libvncserver/corre.c, server/libvncserver/hextile.c,
      server/libvncserver/rre.c.
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404

 -- Marc Deslauriers <email address hidden> Tue, 06 Oct 2020 10:43:50 -0400

Source diff to previous version
CVE-2014-6053 Server crash on a very large ClientCutText message
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a
CVE-2019-15681 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st
CVE-2020-14397 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
CVE-2020-1440 A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering V
CVE-2020-14402 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
CVE-2020-14403 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
CVE-2020-14404 An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.

Version: 3.8.1-0ubuntu9.2 2017-05-24 01:06:48 UTC

  vino (3.8.1-0ubuntu9.2) xenial; urgency=medium

  * Add debian/links to symlink the hidden vino autostart .desktop to
    /usr/share/applications/ which is needed for the Desktop Sharing feature
    in GNOME's Settings app to work. Thanks Florian Apolloner for the bug
    report and suggested fix. (LP: #1607663)

 -- Jeremy Bicha <email address hidden> Sat, 01 Oct 2016 22:57:04 -0400

Source diff to previous version
1607663 vino-server does not autostart on Ubuntu-GNOME

Version: 3.8.1-0ubuntu9.1 2016-08-22 12:06:49 UTC

  vino (3.8.1-0ubuntu9.1) xenial; urgency=medium

  * debian/patches/05_use-system-miniupnpc.patch:
    - use correct arguments for upnp calls, fixes vino server eating
      cpu and not responding once the corresponding option is enabled
      (lp: #1610547)

 -- Sebastien Bacher <email address hidden> Wed, 10 Aug 2016 11:03:23 +0200

1610547 Cannot connect to remote desktop, vino eating cpu and not answering



About   -   Send Feedback to @ubuntu_updates