[ubuntu/xenial-security] libvncserver 0.9.10+dfsg-3ubuntu0.16.04.5 (Accepted)
Avital Ostromich
avital.ostromich at canonical.com
Thu Jul 23 18:46:51 UTC 2020
libvncserver (0.9.10+dfsg-3ubuntu0.16.04.5) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via a long socket filename
    - debian/patches/CVE-2019-20839.patch: Error out if the unix socket name
      would overflow in libvncclient/sockets.c.
    - CVE-2019-20839
  * SECURITY UPDATE: unaligned accesses in hybiReadAndDecode can lead to a
    crash
    - debian/patches/CVE-2019-20840.patch: Ensure a proper stack alignment in
      libvncserver/websockets.c.
    - CVE-2019-20840
  * SECURITY UPDATE: NULL pointer dereference in region clipping span routine
    - debian/patches/CVE-2020-14397.patch: Add NULL pointer dereference checks
      to libvncserver/rfbregion.c.
    - CVE-2020-14397
  * SECURITY UPDATE: infinite loop due to improperly closed TCP connection
    - debian/patches/CVE-2020-14398.patch: Close the connection after a certain
      number of retries in libvncclient/sockets.c.
    - CVE-2020-14398
  * SECURITY UPDATE: byte-aligned data is accessed through uint32_t pointers
    - debian/patches/CVE-2020-14399.patch: Ensure a proper stack alignment in
      libvncclient/rfbproto.c.
    - CVE-2020-14399
  * SECURITY UPDATE: byte-aligned data is accessed through uint16_t pointers
    - debian/patches/CVE-2020-14400.patch: Ensure a proper stack alignment in
      libvncserver/translate.c.
    - CVE-2020-14400
  * SECURITY UPDATE: integer overflow in bitwise operation on pixel_value
    - debian/patches/CVE-2020-14401.patch: Cast variable to 64 bit before
      performing bitwise operation.
    - CVE-2020-14401
  * SECURITY UPDATE: out-of-bounds access via encodings
    - debian/patches/CVE-2020-14402_CVE-2020-14403_CVE-2020-14404.patch:
      Check bounds before accessing array value in libvncserver/corre.c,
      libvncserver/hextile.c and libvncserver/rre.c
    - CVE-2020-14402
    - CVE-2020-14403
    - CVE-2020-14404
  * SECURITY UPDATE: unchecked TextChat allocation size
    - debian/patches/CVE-2020-14405.patch: Limit max TextChat size in
      libvncclient/rfbproto.c.
    - CVE-2020-14405
Date: 2020-07-21 22:04:18.877758+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.5