Your message dated Mon, 14 Jan 2019 20:49:14 +0000
with message-id <[email protected]>
and subject line Bug#916941: fixed in libvncserver 0.9.11+dfsg-1.2
has caused the Debian Bug report #916941,
regarding libvncserver: Multiple security vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
916941: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916941
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvncserver
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for libvncserver.
CVE-2018-15126[0]:
| LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains
| heap use-after-free vulnerability in server code of file transfer
| extension that can result remote code execution
CVE-2018-15127[1]:
| LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains
| heap out-of-bound write vulnerability in server code of file transfer
| extension that can result remote code execution
CVE-2018-20019[2]:
| LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains
| multiple heap out-of-bound write vulnerabilities in VNC client code
| that can result remote code execution
CVE-2018-20020[3]:
| LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains
| heap out-of-bound write vulnerability inside structure in VNC client
| code that can result remote code execution
CVE-2018-20021[4]:
| LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains
| a CWE-835: Infinite loop vulnerability in VNC client code.
| Vulnerability allows attacker to consume excessive amount of resources
| like CPU and RAM
CVE-2018-20022[5]:
| LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains
| multiple weaknesses CWE-665: Improper Initialization vulnerability in
| VNC client code that allows attacker to read stack memory and can be
| abuse for information disclosure. Combined with another vulnerability,
| it can be used to leak stack memory layout and in bypassing ASLR
CVE-2018-20023[6]:
| LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains
| CWE-665: Improper Initialization vulnerability in VNC Repeater client
| code that allows attacker to read stack memory and can be abuse for
| information disclosure. Combined with another vulnerability, it can be
| used to leak stack memory layout and in bypassing ASLR
CVE-2018-20024[7]:
| LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains
| null pointer dereference in VNC client code that can result DoS.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-15126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15126
[1] https://security-tracker.debian.org/tracker/CVE-2018-15127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15127
[2] https://security-tracker.debian.org/tracker/CVE-2018-20019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20019
[3] https://security-tracker.debian.org/tracker/CVE-2018-20020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20020
[4] https://security-tracker.debian.org/tracker/CVE-2018-20021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20021
[5] https://security-tracker.debian.org/tracker/CVE-2018-20022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20022
[6] https://security-tracker.debian.org/tracker/CVE-2018-20023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20023
[7] https://security-tracker.debian.org/tracker/CVE-2018-20024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20024
Please adjust the affected versions in the BTS as needed.
Regards,
Markus
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.2
We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libvncserver
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 02 Jan 2019 16:26:53 +0100
Source: libvncserver
Binary: libvncclient1 libvncserver1 libvncserver-dev libvncserver-config
libvncclient1-dbg libvncserver1-dbg
Architecture: source
Version: 0.9.11+dfsg-1.2
Distribution: unstable
Urgency: high
Maintainer: Peter Spiess-Knafl <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 916941
Description:
libvncclient1 - API to write one's own VNC server - client library
libvncclient1-dbg - debugging symbols for libvncclient
libvncserver-config - API to write one's own VNC server - library utility
libvncserver-dev - API to write one's own VNC server - development files
libvncserver1 - API to write one's own VNC server
libvncserver1-dbg - debugging symbols for libvncserver
Changes:
libvncserver (0.9.11+dfsg-1.2) unstable; urgency=high
.
* Non-maintainer upload.
* Fix multiple security vulnerabilities (Closes: #916941)
- Use-after-free in file transfer extension allows for potential
code execution (CVE-2018-15126)
- Heap out-of-bounds write in
rfbserver.c:rfbProcessFileTransferReadBuffer() allows for
potential code execution (CVE-2018-15127)
- Multiple heap out-of-bound writes in VNC client code
(CVE-2018-20019)
- Heap out-of-bound write inside structure in VNC client code allows
for potential code execution (CVE-2018-20020)
- Infinite loop in VNC client code allows for denial of service
(CVE-2018-20021)
- Improper initialization in VNC client code allows for information
disclosure (CVE-2018-20022)
- Improper initialization in VNC Repeater client code allows for
information disclosure (CVE-2018-20023)
- NULL pointer dereference in VNC client code allows for denial of
service (CVE-2018-20024)
- Use-after-free in file transfer extension server code allows for
potential code execution (CVE-2018-6307)
* Update symbols file for libvncserver1.
The fix for CVE-2018-15126 removes CloseUndoneFileTransfer and
introduces new CloseUndoneFileDownload and CloseUndoneFileUpload.
Checksums-Sha1:
3ec5f78c38f20fe884ffe8d29a223e2ff7534b1b 2561 libvncserver_0.9.11+dfsg-1.2.dsc
a94f5d6d8881a16617919e8bd1e57e104fb209cc 19128
libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Checksums-Sha256:
cbd1a4cd125472bb4290e923585a2a4f089bd449337066ccca587a7913f19fd6 2561
libvncserver_0.9.11+dfsg-1.2.dsc
18305a97f5985650e3da106374342a021cff20af15d370db068e2b67e086bf79 19128
libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
Files:
bac2a495a871848aeeafce41664fba94 2561 libs optional
libvncserver_0.9.11+dfsg-1.2.dsc
e00d64f7c66117d9792a1a446851dfa6 19128 libs optional
libvncserver_0.9.11+dfsg-1.2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwuHvFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Ep9gP/RnE1Pxc9ecwocLiU71HAxf5GtNSL0uV
ar5MP9s7ExVYib4zO6kB/8wHxsRXzRv0sHolBfKMdrxBTmjY+f+GwWTyj8YpMuiq
Nv+xSUNDE1b2h8x8EwH5wo4yAFaAyN+cw6KDqUFJolJtQPnO0shG3a7tEUnrxEm/
zxbsmKTQPR0+qk3XRIipaquIq8TuculZdqX30Jfbypu2/+br39nsVXaCOmbzHpIk
VkJ7BEi9ZWDZZmmqbPMapth+tZuOICnpnzUB/EZ/510Y9QvFYyWOnAHRQ6TZY0e0
lvkOazpLUWBH/M+NNaoTX/Ivr/7mkvegNVdozGvIQ8bys9rL75jamP4kRuZ4LB/8
qnv+yBwcCOioPH1jj6QzfusqetFGd0w7QQQJjLxvhniukB2MdJwt1Qfu/S7qvlFv
YGHN3Dj2QUXDtp3Iv3oBA4n2OsbkrTgky+574NsGrw/o1wzCjuwuajSgYxLLz4G1
PZSCVD4eZqJk2aTch3wa4kzyLchBIfJ8mi5wGVeqONWpBxJ/YaWU0D/7MQ4JVeIK
6cHwErqgklotbMVvaK5KRoq7ogf7a4n2oH+Vjou9tRKoqJnYhrMapJCAhw0dAv5O
D+3bruzWc32LAmSiZYF90XufS5SELj2seXGppR18iQWyKcx2Hcj0paLn+bpiDypx
hf9HZeOpVDIT
=6eme
-----END PGP SIGNATURE-----
--- End Message ---
