[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1652-1] libvncserver security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libvncserver
Version        : 0.9.9+dfsg2-6.1+deb8u5
CVE ID         : CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750

A vulnerability was found by Kaspersky Lab in libvncserver, a C library
to implement VNC server/client functionalities. In addition, some of the
vulnerabilities addressed in DLA 1617-1 were found to have incomplete
fixes, and have been addressed in this update.

CVE-2018-15126

    An attacker can cause denial of service or remote code execution via
    a heap use-after-free issue in the tightvnc-filetransfer extension.

CVE-2018-20748
CVE-2018-20749
CVE-2018-20750

    Some of the out of bound heap write fixes for CVE-2018-20019 and
    CVE-2018-15127 were incomplete. These CVEs address those issues.

For Debian 8 "Jessie", these problems have been fixed in version
0.9.9+dfsg2-6.1+deb8u5.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlxTCM0ACgkQnUbEiOQ2
gwJP1A//Tp4+3c+CrteN1xP+FrgpM+Va9i5hKfD2MroA5BeWltYf5QPVomdJzdAg
ZTV2Q3jz+0bn+FwrDcXhBkAyJo1Axfj2U9fcCaHVs0ncZj/wTs9kYqt7ltqmP01q
JkdKZXbfdMjRB1WsU9zQ6KApUMoTRWvaUmC1UNjWNnAsivBmbv9WEm0o3x0en9nF
3oZUeJrl1BX93PGy1niH6AA3sa5KTca9MgXrefxU/U24bmTshwNs4oAPGZIJIxYJ
B/TB9UGwCf4704aQYJMmf7BanrnZ42dkjmrBcRbHoPuVZ4fPX4dsCrmHUPMRHkj9
fKV3jC/gfTm8n7kYJLyO0M6Bq6rOZr+VAf9nnxsryMDKr4XPIRonI7rkkwanAXNW
qQ3OYkSvusEyU1GHjZh5MKLgw1oSjObqT/Hjd8rcl+O23IZrliZ0PGTU5wRxf8pZ
WJs0Oh8xWT3RsVOVQ1/NpivPfYWa3rYwRKKMHACDkyUdGs0Sk8gqn8ItSaOe2cdi
wBnnTyx5/C4zGetk1jbsPkSl6JNM9oHcVfll7BN3teq5hOrf1CtNZKBQKBhzuwS0
ja9m439cZJE0Su72ehFPdq6iaT+aOnFiCIQthHt1nR5hdZ4cLaj9j6UzFLtM30nS
xIkvfpC0qysCnlJC4uMHDOjms/CpEik4tK5kFSl1VdQ+u91wPOI=
=T7CP
-----END PGP SIGNATURE-----


Reply to: