[SECURITY] [DLA 2347-1] libvncserver security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2347-1] libvncserver security update
From: Mike Gabriel <sunweaver@debian.org>
Date: Fri, 28 Aug 2020 23:36:49 +0200
Message-id: <[🔎] 20200828213647.73f2ialsjy7poogq@minobo.das-netzwerkteam.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2347-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Mike Gabriel
August 28, 2020                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libvncserver
Version        : 0.9.11+dfsg-1.3~deb9u5
CVE ID         : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 
                 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 
                 CVE-2020-14405

Several minor vulnerabilities have been discovered in libvncserver, a
server and client implementation of the VNC protocol.

CVE-2019-20839

    libvncclient/sockets.c in LibVNCServer had a buffer overflow via a
    long socket filename.

CVE-2020-14397

    libvncserver/rfbregion.c has a NULL pointer dereference.

CVE-2020-14399

    Byte-aligned data was accessed through uint32_t pointers in
    libvncclient/rfbproto.c.

    NOTE: This issue has been disputed by third parties; there is
    reportedly "no trust boundary crossed".

CVE-2020-14400

    Byte-aligned data was accessed through uint16_t pointers in
    libvncserver/translate.c.

    NOTE: This issue has been disputed by third parties. There is no
    known path of exploitation or cross of a trust boundary.

CVE-2020-14401

    libvncserver/scale.c had a pixel_value integer overflow.

CVE-2020-14402

    libvncserver/corre.c allowed out-of-bounds access via encodings.

CVE-2020-14403

    libvncserver/hextile.c allowed out-of-bounds access via encodings.

CVE-2020-14404

    libvncserver/rre.c allowed out-of-bounds access via encodings.

CVE-2020-14405

    libvncclient/rfbproto.c did not limit TextChat size.

For Debian 9 stretch, these problems have been fixed in version
0.9.11+dfsg-1.3~deb9u5.

We recommend that you upgrade your libvncserver packages.

For the detailed security status of libvncserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvncserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 2346-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 2349-1] php-horde security update
Previous by thread: [SECURITY] [DLA 2346-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 2349-1] php-horde security update
Index(es):
- Date
- Thread