libvncserver 0.9.10+dfsg-3ubuntu0.16.04.5 source package in Ubuntu

Changelog

libvncserver (0.9.10+dfsg-3ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via a long socket filename
    - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
      would overflow in libvncclient/sockets.c.
    - CVE-2019-20839
  * SECURITY UPDATE: unaligned accesses in hybiReadAndDecode can lead to a
    crash
    - debian/patches/CVE-2019-20840.patch: Ensure a proper stack alignment in
      libvncserver/websockets.c.
    - CVE-2019-20840
  * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
    - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
      to libvncserver/rfbregion.c.
    - CVE-2020-14397
  * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
    - debian/patches/CVE-2020-14398.patch: Close the connection after a certain
      number of retries in libvncclient/sockets.c.
    - CVE-2020-14398
  * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
    - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
      libvncclient/rfbproto.c.
    - CVE-2020-14399
  * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
    - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
      libvncserver/translate.c.
    - CVE-2020-14400
  * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
    - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
      performing bitwise operation.
    - CVE-2020-14401
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
      Check bounds before accessing array value in libvncserver/corre.c,
      libvncserver/hextile.c and libvncserver/rre.c
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404
  * SECURITY UPDATE: unchecked TextChat allocation size
    - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
      libvncclient/rfbproto.c.
    - CVE-2020-14405

 -- Avital Ostromich <email address hidden>  Tue, 14 Jul 2020 09:52:11 -0400

Upload details

Uploaded by:
Avital Ostromich on 2020-07-21
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
libvncserver_0.9.10+dfsg.orig.tar.xz 379.3 KiB 583f28869b82aec57768d7d18cd7ff81bf092ecbbc1209b587c2c2cd68330250
libvncserver_0.9.10+dfsg-3ubuntu0.16.04.5.debian.tar.xz 46.0 KiB 473170244b7ef675382ba51bd9a6d70842b1f38d1c6ae2245c3b685a38c05191
libvncserver_0.9.10+dfsg-3ubuntu0.16.04.5.dsc 2.3 KiB e7f64986032616762889854c82c0eeb154714d27d3fee6366a14e2c87f84dd04

View changes file

Binary packages built by this source

libvncclient1: API to write one's own VNC server - client library

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides the client library.

libvncclient1-dbg: debugging symbols for libvncclient

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package contains the debugging symbols for libvncclient.

libvncclient1-dbgsym: debug symbols for package libvncclient1

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides the client library.

libvncserver-config: API to write one's own VNC server - library utility

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides libvncserver-config utility, needed to obtain some
 option of the libvncserver library.

libvncserver-config-dbgsym: debug symbols for package libvncserver-config

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides libvncserver-config utility, needed to obtain some
 option of the libvncserver library.

libvncserver-dev: API to write one's own VNC server - development files

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This is the development package which contains headers and static libraries
 for libvncserver.

libvncserver-dev-dbgsym: debug symbols for package libvncserver-dev

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This is the development package which contains headers and static libraries
 for libvncserver.

libvncserver1: API to write one's own VNC server

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides the server library.

libvncserver1-dbg: debugging symbols for libvncserver

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package contains the debugging symbols for libvncserver.

libvncserver1-dbgsym: debug symbols for package libvncserver1

 LibVNCServer makes writing a VNC server (or more correctly, a program
 exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides
 the programmer from the tedious task of managing clients and compression.
 .
 This package provides the server library.