Univention Bugzilla – Bug 52110
(ES 4.3) libvncserver
Last modified: 2020-11-30 12:22:52 CET
Provide libvncserver version 0.9.11+dfsg-1.3~deb9u5 for UCS 4.3

First imported at bug #51925

This update addresses the following issues:
* "ConnectClientToUnixSock()" buffer overflow (CVE-2019-20839)
* libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)
* byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c (CVE-2020-14399)
* byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c (CVE-2020-14400)
* libvncserver/scale.c has a pixel_value integer overflow (CVE-2020-14401)
* libvncserver/corre.c allows out-of-bounds access via encodings (CVE-2020-14402)
* libvncserver/hextile.c allows out-of-bounds access via encodings (CVE-2020-14403)
* libvncserver/rre.c allows out-of-bounds access via encodings (CVE-2020-14404)
* libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)

libvncserver1:
  Installiert:           0.9.11+dfsg-1.3~deb9u5
  Installationskandidat: 0.9.11+dfsg-1.3~deb9u5
  Versionstabelle:
 *** 0.9.11+dfsg-1.3~deb9u5 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

CLOSED: Released as extsec4.3 update