Package : libvncserver Version : 0.9.9+dfsg2-6.1+deb8u8 CVE ID : CVE-2019-20839 CVE-2020-14397 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-14405 Debian Bug :
Several vulnerabilities have been discovered in libVNC (libvncserver Debian package), an implemenantation of the VNC server and client protocol. CVE-2019-20839 libvncclient/sockets.c in LibVNCServer had a buffer overflow via a long socket filename. CVE-2020-14397 libvncserver/rfbregion.c had a NULL pointer dereference. CVE-2020-14399 Byte-aligned data was accessed through uint32_t pointers in libvncclient/rfbproto.c. CVE-2020-14400 Byte-aligned data was accessed through uint16_t pointers in libvncserver/translate.c. CVE-2020-14401 libvncserver/scale.c had a pixel_value integer overflow. CVE-2020-14402 libvncserver/corre.c allowed out-of-bounds access via encodings. CVE-2020-14403 libvncserver/hextile.c allowed out-of-bounds access via encodings. CVE-2020-14404 libvncserver/rre.c allowed out-of-bounds access via encodings. CVE-2020-14405 libvncclient/rfbproto.c does not limit TextChat size. For Debian 8 "Jessie", these problems have been fixed in version 0.9.9+dfsg2-6.1+deb8u8. We recommend that you upgrade your libvncserver packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
signature.asc
Description: PGP signature