[ubuntu/bionic-security] libvncserver 0.9.11+dfsg-1ubuntu1.2 (Accepted)

Avital Ostromich avital.ostromich at canonical.com
Wed Jul 1 23:07:32 UTC 2020

libvncserver (0.9.11+dfsg-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680 
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681 
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - CVE-2017-18922

Date: 2020-07-01 02:30:19.797233+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list