Bug 51703 - libvncserver: Multiple issues (4.4)
libvncserver: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P3 normal (vote)
: UCS 4.4-5-errata
Assigned To: Quality Assurance
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-07-22 15:01 CEST by Quality Assurance
Modified: 2020-07-29 16:50 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2020-07-22 15:01:46 CEST
New Debian libvncserver 0.9.11+dfsg-1.3~deb9u4 fixes:
This update addresses the following issues:
* HandleCursorShape() integer overflow resulting in heap-based buffer  overflow (CVE-2019-15690)
* integer overflow and heap-based buffer overflow in libvncclient/cursor.c in  HandleCursorShape function (CVE-2019-20788)
Comment 1 Quality Assurance univentionstaff 2020-07-23 13:15:56 CEST
--- mirror/ftp/4.4/unmaintained/4.4-4/source/libvncserver_0.9.11+dfsg-1.3~deb9u3.dsc
+++ apt/ucs_4.4-0-errata4.4-5/source/libvncserver_0.9.11+dfsg-1.3~deb9u4.dsc
@@ -1,3 +1,11 @@
+0.9.11+dfsg-1.3~deb9u4 [Tue, 31 Mar 2020 07:56:01 +0200] Mike Gabriel <sunweaver@debian.org>:
+
+  [ Antoni Villalonga ]
+  * debian/patches:
+    + Add CVE-2019-15690 patch. libvncclient/cursor: limit
+      width/height input values. Avoids a possible heap overflow reported
+      by Pavel Cheremushkin. (Closes: #954163).
+
 0.9.11+dfsg-1.3~deb9u3 [Wed, 08 Jan 2020 08:22:51 +0100] Mike Gabriel <sunweaver@debian.org>:
 
   * Regression update.

<http://10.200.17.11/4.4-5/#413696957007289930>
Comment 2 Philipp Hahn univentionstaff 2020-07-23 16:36:26 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 49204d8c2c Bug #51703: libvncserver 0.9.11+dfsg-1.3~deb9u4
 doc/errata/staging/libvncserver.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-5] a30d40c63c Bug #51703: libvncserver 0.9.11+dfsg-1.3~deb9u4
 doc/errata/staging/libvncserver.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)