-
libvncserver (0.9.11+dfsg-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-25708.patch: fix possible divide-by-zero in
      libvncserver/rfbserver.c.
    - CVE-2020-25708

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Nov 2020 09:44:40 -0300
-
libvncserver (0.9.11+dfsg-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via a long socket filename
    - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
      would overflow in libvncclient/sockets.c.
    - CVE-2019-20839
  * SECURITY UPDATE: unaligned accesses in hybiReadAndDecode can lead to a
    crash
    - debian/patches/CVE-2019-20840.patch: Ensure a proper stack alignment in
      libvncserver/websockets.c.
    - CVE-2019-20840
  * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
    - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
      to libvncserver/rfbregion.c.
    - CVE-2020-14397
  * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
    - debian/patches/CVE-2020-14398.patch: Close the connection after a certain
      number of retries in libvncclient/sockets.c.
    - CVE-2020-14398
  * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
    - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
      libvncclient/rfbproto.c.
    - CVE-2020-14399
  * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
    - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
      libvncserver/translate.c.
    - CVE-2020-14400
  * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
    - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
      performing bitwise operation.
    - CVE-2020-14401
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
      Check bounds before accessing array value in libvncserver/corre.c,
      libvncserver/hextile.c and libvncserver/rre.c
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404
  * SECURITY UPDATE: unchecked TextChat allocation size
    - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
      libvncclient/rfbproto.c.
    - CVE-2020-14405

 -- Avital Ostromich <email address hidden> Mon, 13 Jul 2020 16:01:32 -0400
-
libvncserver (0.9.11+dfsg-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - CVE-2017-18922

 -- Avital Ostromich <email address hidden> Tue, 30 Jun 2020 11:54:51 -0400
-
libvncserver (0.9.11+dfsg-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues
    - debian/patches/CVE-2018-*.patch: add upstream commits to fix
      multiple security issues.
    - debian/libvncserver1.symbols: updated for new symbols.
    - CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019,
      CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023,
      CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750

 -- Marc Deslauriers <email address hidden> Wed, 30 Jan 2019 13:22:39 -0500
-
libvncserver (0.9.11+dfsg-1ubuntu1) bionic; urgency=medium

  * SECURITY UPDATE: integer overflow or memory access
    - debian/patches/CVE-2018-7225.patch: limit client cut text length to
      1 MB in libvncserver/rfbserver.c.
    - CVE-2018-7225

 -- Marc Deslauriers <email address hidden> Fri, 30 Mar 2018 10:33:35 -0400
-
libvncserver (0.9.11+dfsg-1) unstable; urgency=high

  * New upstream release, containing security fixes for
    - CVE-2016-9941
    - CVE-2016-9942
  * Remove upstream applied patches

 -- Peter Spiess-Knafl <email address hidden> Tue, 03 Jan 2017 11:50:27 +0100