Changelog
libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high
* Non-maintainer upload.
* Fix multiple security vulnerabilities (Closes: #916941)
- Use-after-free in file transfer extension allows for potential
code execution (CVE-2018-15126)
- Heap out-of-bounds write in
rfbserver.c:rfbProcessFileTransferReadBuffer() allows for
potential code execution (CVE-2018-15127)
- Multiple heap out-of-bound writes in VNC client code
(CVE-2018-20019)
- Heap out-of-bound write inside structure in VNC client code allows
for potential code execution (CVE-2018-20020)
- Infinite loop in VNC client code allows for denial of service
(CVE-2018-20021)
- Improper initialization in VNC client code allows for information
disclosure (CVE-2018-20022)
- Improper initialization in VNC Repeater client code allows for
information disclosure (CVE-2018-20023)
- NULL pointer dereference in VNC client code allows for denial of
service (CVE-2018-20024)
- Use-after-free in file transfer extension server code allows for
potential code execution (CVE-2018-6307)
* Update symbols file for libvncserver1.
The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and
introduces new CloseUndoneFileDownload and CloseUndoneFileUpload.
-- Salvatore Bonaccorso <email address hidden> Wed, 02 Jan 2019 16:26:53 +0100
