Univention Bugzilla – Bug 48402
libvncserver: Multiple issues (4.2)
Last modified: 2019-01-09 14:16:40 CET
New Debian libvncserver 0.9.9+dfsg2-6.1+deb8u4 fixes: This update addresses the following issues: * Use-after-free in file transfer extension server code allows for potential code execution (CVE-2018-6307) * Heap out-of-bounds write in rfbserver.c:rfbProcessFileTransferReadBuffer() allows for potential code execution (CVE-2018-15127) * Multiple heap out-of-bound writes in VNC client code (CVE-2018-20019) * Heap out-of-bound write inside structure in VNC client code allows for potential code execution (CVE-2018-20020) * Infinite loop in VNC client code allows for denial of service (CVE-2018-20021) * Improper initialization in VNC client code allows for information disclosure (CVE-2018-20022) * Improper initialization in VNC Repeater client code allows for information disclosure (CVE-2018-20023) * NULL pointer dereference in VNC client code allows for denial of service (CVE-2018-20024)
--- mirror/ftp/4.2/unmaintained/4.2-5/source/libvncserver_0.9.9+dfsg2-6.1+deb8u3.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/libvncserver_0.9.9+dfsg2-6.1+deb8u4.dsc @@ -1,3 +1,18 @@ +0.9.9+dfsg2-6.1+deb8u4 [Sun, 23 Dec 2018 16:21:23 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * CVE-2018-15127: heap out-of-bound write vulnerability (Closes: #916941) + * CVE-2018-20019: multiple heap out-of-bound write vulnerabilities + * CVE-2018-20020: heap out-of-bound write vulnerability inside structure + in VNC client code + * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code. + * CVE-2018-20022: CWE-665: Improper Initialization vulnerability + * CVE-2018-20023:Improper Initialization vulnerability in VNC Repeater client + code + * CVE-2018-20024: null pointer dereference that can result DoS + * CVE-2018-6307: heap use-after-free vulnerability in server code of + file transfer extension + 0.9.9+dfsg2-6.1+deb8u3 [Tue, 05 Jun 2018 14:05:57 +0200] Markus Koschany <apo@debian.org>: * Non-maintainer upload. <http://10.200.17.11/4.2-5/#6773918246539366156>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] e8a01a1e23 Bug #48402: libvncserver 0.9.9+dfsg2-6.1+deb8u4 doc/errata/staging/libvncserver.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+)
<http://errata.software-univention.de/ucs/4.2/572.html>