Debian Security Advisory

DSA-4383-1 libvncserver -- security update

Date Reported:
03 Feb 2019
Affected Packages:
libvncserver
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 916941.
In Mitre's CVE dictionary: CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024.
More information:

Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.

For the stable distribution (stretch), these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u1.

We recommend that you upgrade your libvncserver packages.

For the detailed security status of libvncserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvncserver