Univention Bugzilla – Bug 51703
libvncserver: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:37 CEST
New Debian libvncserver 0.9.11+dfsg-1.3~deb9u4 fixes:

This update addresses the following issues:
* HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690)
* integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function (CVE-2019-20788)
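As an added illustration of the defect class named above, not code from libvncserver or from the Debian patch: a cursor-shape handler sizes its pixel buffer from peer-supplied width and height, and if the multiplication is done in 32 bits it can wrap to a small value, so the heap buffer ends up far smaller than the data later written into it. The limits and the 4-byte pixel size below are assumptions for this example, not the library's values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical bound and pixel size for this illustration only; the
 * real client's limits are not taken from the bug page. */
#define MAX_CURSOR_DIM   1024u
#define BYTES_PER_PIXEL  4u

/* Unchecked sizing: width * height * bpp is evaluated in 32-bit unsigned
 * arithmetic and silently wraps, so a huge cursor can yield a tiny size. */
size_t cursor_bytes_unchecked(uint32_t width, uint32_t height)
{
    return (size_t)(width * height * BYTES_PER_PIXEL); /* may wrap */
}

/* Checked sizing: reject zero or oversized dimensions up front, then
 * compute the product in 64 bits. The bound guarantees the result fits.
 * Returns 0 when the dimensions are rejected (valid sizes are never 0). */
size_t cursor_bytes_checked(uint32_t width, uint32_t height)
{
    if (width == 0 || height == 0)
        return 0;
    if (width > MAX_CURSOR_DIM || height > MAX_CURSOR_DIM)
        return 0;
    uint64_t bytes = (uint64_t)width * height * BYTES_PER_PIXEL;
    return (size_t)bytes;
}

/* Allocate a zeroed cursor buffer only when the checked size is valid;
 * *len receives the number of bytes the caller may write. */
unsigned char *alloc_cursor(uint32_t width, uint32_t height, size_t *len)
{
    size_t n = cursor_bytes_checked(width, height);
    if (n == 0)
        return NULL;
    unsigned char *buf = calloc(n, 1);
    if (buf != NULL)
        *len = n;
    return buf;
}
```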
--- mirror/ftp/4.4/unmaintained/4.4-4/source/libvncserver_0.9.11+dfsg-1.3~deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/libvncserver_0.9.11+dfsg-1.3~deb9u4.dsc @@ -1,3 +1,11 @@ +0.9.11+dfsg-1.3~deb9u4 [Tue, 31 Mar 2020 07:56:01 +0200] Mike Gabriel <sunweaver@debian.org>: + + [ Antoni Villalonga ] + * debian/patches: + + Add CVE-2019-15690 patch. libvncclient/cursor: limit + width/height input values. Avoids a possible heap overflow reported + by Pavel Cheremushkin. (Closes: #954163). + 0.9.11+dfsg-1.3~deb9u3 [Wed, 08 Jan 2020 08:22:51 +0100] Mike Gabriel <sunweaver@debian.org>: * Regression update. <http://10.200.17.11/4.4-5/#413696957007289930>
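Review bot: the new changelog entry in this hunk names only CVE-2019-15690, while the erratum text above credits the same HandleCursorShape() width/height fix to both CVE-2019-15690 and CVE-2019-20788; consider extending the "Add CVE-2019-15690 patch." line to mention CVE-2019-20788 as well so the changelog and the errata record agree on which identifiers this upload closes.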
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 49204d8c2c Bug #51703: libvncserver 0.9.11+dfsg-1.3~deb9u4
 doc/errata/staging/libvncserver.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-5] a30d40c63c Bug #51703: libvncserver 0.9.11+dfsg-1.3~deb9u4
 doc/errata/staging/libvncserver.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x665>