Debian Long Term Support / LTS Security Information / 2020 / Security Information -- DLA-2264-1 libvncserver

Debian Security Advisory

DLA-2264-1 libvncserver -- LTS security update

Date Reported:

30 Jun 2020

Affected Packages:

libvncserver

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-20839, CVE-2020-14397, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405.

More information:

Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an implemenantation of the VNC server and client protocol.

• CVE-2019-20839

  libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename.

• CVE-2020-14397

  libvncserver/rfbregion.c had a NULL pointer dereference.

• CVE-2020-14399

  Byte-aligned data was accessed through uint32_t pointers in libvncclient/rfbproto.c.

• CVE-2020-14400

  Byte-aligned data was accessed through uint16_t pointers in libvncserver/translate.c.

• CVE-2020-14401

  libvncserver/scale.c had a pixel_value integer overflow.

• CVE-2020-14402

  libvncserver/corre.c allowed out-of-bounds access via encodings.

• CVE-2020-14403

  libvncserver/hextile.c allowed out-of-bounds access via encodings.

• CVE-2020-14404

  libvncserver/rre.c allowed out-of-bounds access via encodings.

• CVE-2020-14405

  libvncclient/rfbproto.c does not limit TextChat size.

For Debian 8 Jessie, these problems have been fixed in version 0.9.9+dfsg2-6.1+deb8u8.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS