Security Information / 2020 / Security Information -- DSA-4799-1 x11vnc

Debian Security Advisory

DSA-4799-1 x11vnc -- security update

Date Reported:

28 Nov 2020

Affected Packages:

x11vnc

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 975875.
In Mitre's CVE dictionary: CVE-2020-29074.

More information:

Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

For the stable distribution (buster), this problem has been fixed in version 0.9.13-6+deb10u1.

We recommend that you upgrade your x11vnc packages.

For the detailed security status of x11vnc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/x11vnc