Debian Security Advisory
DSA-4799-1 x11vnc -- security update
- Date Reported:
- 28 Nov 2020
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 975875.
In Mitre's CVE dictionary: CVE-2020-29074.
- More information:
Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.
For the stable distribution (buster), this problem has been fixed in version 0.9.13-6+deb10u1.
We recommend that you upgrade your x11vnc packages.
For the detailed security status of x11vnc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/x11vnc