Debian Security Advisory
DLA-2347-1 libvncserver -- LTS security update
- Date Reported:
- 29 Aug 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-20839, CVE-2020-14397, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401, CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405.
- More information:
Several minor vulnerabilities have been discovered in libvncserver, a server and client implementation of the VNC protocol.
libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename.
libvncserver/rfbregion.c has a NULL pointer dereference.
Byte-aligned data was accessed through uint32_t pointers in libvncclient/rfbproto.c.
NOTE: This issue has been disputed by third parties; there is reportedly
no trust boundary crossed.
Byte-aligned data was accessed through uint16_t pointers in libvncserver/translate.c.
NOTE: This issue has been disputed by third parties. There is no known path of exploitation or cross of a trust boundary.
libvncserver/scale.c had a pixel_value integer overflow.
libvncserver/corre.c allowed out-of-bounds access via encodings.
libvncserver/hextile.c allowed out-of-bounds access via encodings.
libvncserver/rre.c allowed out-of-bounds access via encodings.
libvncclient/rfbproto.c did not limit TextChat size.
For Debian 9 stretch, these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u5.
We recommend that you upgrade your libvncserver packages.
For the detailed security status of libvncserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvncserver
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS