Your message dated Fri, 29 Nov 2019 00:44:44 +0100
with message-id <[email protected]>
and subject line Re: libvncserver1: Use-after-free on shutdown when clients are
still connected (causing issue for Virtualbox)
has caused the Debian Bug report #905786,
regarding libvncserver1: Use-after-free on shutdown when clients are still
connected (causing issue for Virtualbox)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
905786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905786
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libvncserver1
Version: 0.9.11+dfsg-1+deb9u1
Severity: important
Tags: patch
In the upstream source of the project, there is an use-after-free that can lead
to an infinite wait of a non-existing thread during the shutdown of the VNC
server if some clients are still connected.
This causing an issue in Virtualbox which uses this package when a VNC client
is connected and that we shutdown the VM (the VM will be stuck in a buggy
state). See https://www.virtualbox.org/ticket/17396 for the ticket in
Virtualbox's bug tracker for more informations.
There is actually a pull request on upstream fixing this issue
(https://github.com/LibVNC/libvncserver/pull/238). There is also another issue,
a segmentation fault in the same use case when we are using a multi-threaded
VNC server (also fixed by the same pull request).
Virtualbox need both fixes to work correctly without a segmentation fault or a
infinite wait and probably some others packages using libvncserver.
The issue isn't present on Jessie with the version 0.9.9 of the package.
-- System Information:
Debian Release: 9.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libvncserver1 depends on:
ii libc6 2.24-11+deb9u3
ii libgcrypt20 1.7.6-2+deb9u3
ii libgnutls30 3.5.8-5+deb9u3
ii libjpeg62-turbo 1:1.5.1-2
ii zlib1g 1:1.2.8.dfsg-5
libvncserver1 recommends no packages.
libvncserver1 suggests no packages.
--- End Message ---
--- Begin Message ---
Version: 0.9.12+dfsg-1
On Thu, 09 Aug 2018 15:52:29 +0200 Quentin BUATHIER
<[email protected]> wrote:
> Package: libvncserver1
> Version: 0.9.11+dfsg-1+deb9u1
> Severity: important
> Tags: patch
>
> In the upstream source of the project, there is an use-after-free
that can lead
> to an infinite wait of a non-existing thread during the shutdown of
the VNC
> server if some clients are still connected.
>
> This causing an issue in Virtualbox which uses this package when a
VNC client
> is connected and that we shutdown the VM (the VM will be stuck in a buggy
> state). See https://www.virtualbox.org/ticket/17396 for the ticket in
> Virtualbox's bug tracker for more informations.
>
> There is actually a pull request on upstream fixing this issue
> (https://github.com/LibVNC/libvncserver/pull/238). There is also
another issue,
> a segmentation fault in the same use case when we are using a
multi-threaded
> VNC server (also fixed by the same pull request).
>
> Virtualbox need both fixes to work correctly without a segmentation
fault or a
> infinite wait and probably some others packages using libvncserver.
>
> The issue isn't present on Jessie with the version 0.9.9 of the package.
This issue has been resolve upstream and is fixed in 0.9.12.
Thus, closing.
Mike
--- End Message ---
