libvncserver 0.9.12+dfsg-9ubuntu0.2 source package in Ubuntu
Changelog
libvncserver (0.9.12+dfsg-9ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow via a long socket filename
- debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
would overflow in libvncclient/sockets.c.
- CVE-2019-20839
* SECURITY UPDATE: NULL pointer dereference in anonTLS mode
- debian/patches/CVE-2020-14396.patch: Do not dereference NULL cred pointer
in libvncclient/tls_openssl.c if in anonTLS mode.
- CVE-2020-14396
* SECURITY UPDATE: NULL pointer dereference in region clipping span routine
- debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
to libvncserver/rfbregion.c.
- CVE-2020-14397
* SECURITY UPDATE: infinite loop due to improperly closed TCP connection
- debian/patches/CVE-2020-14398.patch: Close the connection after a certain
number of retries in libvncclient/sockets.c.
- CVE-2020-14398
* SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
- debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
libvncclient/rfbproto.c.
- CVE-2020-14399
* SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
- debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
libvncserver/translate.c.
- CVE-2020-14400
* SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
- debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
performing bitwise operation.
- CVE-2020-14401
* SECURITY UPDATE: out-of-bounds access via encodings
- debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
Check bounds before accessing array value in libvncserver/corre.c,
libvncserver/hextile.c and libvncserver/rre.c
- CVE-2020-14402
- CVE-2020-14403
- CVE-2020-14404
* SECURITY UPDATE: unchecked TextChat allocation size
- debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
libvncclient/rfbproto.c.
- CVE-2020-14405
-- Avital Ostromich <email address hidden> Fri, 10 Jul 2020 15:42:39 -0400
Upload details
- Uploaded by:
- Avital Ostromich
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| libvncserver_0.9.12+dfsg.orig.tar.xz | 396.7 KiB | 58c878cb9d1b26754076db4326e37032f51cfa25da4852049036e055c54f9fb9 |
| libvncserver_0.9.12+dfsg-9ubuntu0.2.debian.tar.xz | 21.9 KiB | 002fca6dd7f02a68a016c6d15e7cccad54a35c544b1e2f8191e3faa4e2126569 |
| libvncserver_0.9.12+dfsg-9ubuntu0.2.dsc | 2.2 KiB | a2a01454b60ee08225fadc2e94ee5391ee7c5190e1c0dc8378379891f66eb246 |
Available diffs
Binary packages built by this source
- libvncclient1: API to write one's own VNC server - client library
LibVNCServer makes writing a VNC server (or more correctly, a program
exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
the programmer from the tedious task of managing clients and compression.
.
This package provides the client library.
- libvncclient1-dbgsym: debug symbols for libvncclient1
- libvncserver-dev: API to write one's own VNC server - development files
LibVNCServer makes writing a VNC server (or more correctly, a program
exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
the programmer from the tedious task of managing clients and compression.
.
This is the development package which contains headers and static libraries
for libvncserver.
- libvncserver1: API to write one's own VNC server
LibVNCServer makes writing a VNC server (or more correctly, a program
exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
the programmer from the tedious task of managing clients and compression.
.
This package provides the server library.
- libvncserver1-dbgsym: debug symbols for libvncserver1
