Debian Security Advisory

DLA-1652-1 libvncserver -- LTS security update

Date Reported:
31 Jan 2019
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-15126, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750.
More information:

A vulnerability was found by Kaspersky Lab in libvncserver, a C library to implement VNC server/client functionalities. In addition, some of the vulnerabilities addressed in DLA 1617-1 were found to have incomplete fixes, and have been addressed in this update.

For Debian 8 Jessie, these problems have been fixed in version 0.9.9+dfsg2-6.1+deb8u5.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: