========================================================================== Ubuntu Security Notice USN-8463-1 June 23, 2026
libvncserver vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in LibVNCServer. Software Description: - libvncserver: vnc server library Details: It was discovered that LibVNCServer had a memory leak in the client cleanup function. An attacker could possibly use this issue to cause LibVNCServer to consume memory, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-29260) It was discovered that LibVNCServer did not properly validate bounds when handling UltraZip encoding subrectangles. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32853) It was discovered that LibVNCServer did not properly validate return values in the HTTP proxy handlers. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32854) It was discovered that LibVNCServer did not properly handle Tight encoding gradient filter rectangles. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-44988) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libvncclient1 0.9.15+dfsg-3ubuntu0.1 libvncserver1 0.9.15+dfsg-3ubuntu0.1 Ubuntu 25.10 libvncclient1 0.9.15+dfsg-1ubuntu0.1 libvncserver1 0.9.15+dfsg-1ubuntu0.1 Ubuntu 24.04 LTS libvncclient1 0.9.14+dfsg-1ubuntu0.1 libvncserver1 0.9.14+dfsg-1ubuntu0.1 Ubuntu 22.04 LTS libvncclient1 0.9.13+dfsg-3ubuntu0.1 libvncserver1 0.9.13+dfsg-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8463-1 CVE-2020-29260, CVE-2026-32853, CVE-2026-32854, CVE-2026-44988 Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.15+dfsg-3ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.15+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.14+dfsg-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.13+dfsg-3ubuntu0.1
signature.asc
Description: OpenPGP digital signature
