[ubuntu/xenial-updates] libvncserver 0.9.10+dfsg-3ubuntu0.16.04.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jul 1 23:58:15 UTC 2020

libvncserver (0.9.10+dfsg-3ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference in HandleZlibBPP function which
    results in DoS
    - debian/patches/CVE-2019-15680.patch: prevent dereferencing of null
      pointers during decoding in libvncclient/zlib.c and libvncclient/zrle.c.
    - CVE-2019-15680
  * SECURITY UPDATE: memory leak allows an attacker to read stack memory
    resulting in possible information disclosure
    - debian/patches/CVE-2019-15681.patch: clear a block of memory for the sct
      variable in libvncserver/rfbserver.c.
    - CVE-2019-15681
  * SECURITY UPDATE: heap buffer overflow caused by large cursor sizes
    - debian/patches/CVE-2019-15690_CVE-2019-20788.patch: limit the size of
      cursor in libvncclient/cursor.c.
    - CVE-2019-15690
    - CVE-2019-20788
  * SECURITY UPDATE: heap-based buffer overflow which allowed easy modification
    of a return address via an overwritten function pointer
    - debian/patches/CVE-2017-18922.patch: fix buffer overflow within the
      websocket decoding functionality in libvncserver/websockets.c.
    - debian/patches/encode_decode_buffers.patch: split codeBuf variable into
      encode and decode variables, allowing CVE patch to apply.
    - CVE-2017-18922

Date: 2020-07-01 14:54:24.299579+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.4