[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2146-1] libvncserver security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : libvncserver
Version        : 0.9.9+dfsg2-6.1+deb8u7
CVE ID         : CVE-2019-15690
Debian Bug     : 954163


In libvncserver, through libvncclient/cursor.c, there is a possibility
of a heap overflow, as reported by Pavel Cheremushkin.

For Debian 8 "Jessie", this problem has been fixed in version
0.9.9+dfsg2-6.1+deb8u7.

We recommend that you upgrade your libvncserver packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5xKFkACgkQgj6WdgbD
S5bDwxAAg9nrkT0BLeVDzDVkuGUu8nN0Tb5Mp+KYtxShN7bxcXbm+y52hyq6pnnH
vjysWhNWSp7Nhz5JckYmlATLUgX8cTA15Gzug7b73O6tnXzv69bYU8UKSLsHyQK4
qEy67Ee2/qCXM+OzVg2ui71Bo+aGXBa0uB4Xa5+nleA5BUa4cqTqZC68Amq1fQUr
zw9gjaNUUAoi0LZ5waOGuAGvQOAhbaKNh1gU7omLaTgBUY0+ZC5G5gviXjo8BEsL
MSRM/rx5Q3dFSypany/uYEt5rkncRgsMrVmLYQUtUeimP7fNJyQUaiiVG6M3zrBu
k/9S9QJ8UoXXacQrBoDw+uGo1VWssZAXBtcTNyLYQ+U+aFoLCPm7xfehP2qORRDM
9V71wTta6X0EvqlqGHLPp/JC9ytBbF9CwWb369vuJ0B3YuXOEs9Nr7EfQlBam6Uv
ZZ9i7Ebb3RWiplri4T05K7nkt+CLIFIdks2kki4Ap4ruFmGC0iK9q+bTXevxJGLP
upvpdIwpCFYFbIk1Yedx6GGk3gXWZUjPwCIXoZrENJl2MklvCbebSn1rLHjZ2Cx3
aKnH7GnJVvh2WuCEGqx+4WtAj5mG9+cBPLKEPrC5BCTmLlCy9nu2R8CmvwQq+69A
O2C0UqoSe3A2t1bQoWFFgakCf5XyGjasXf41Kq252WsWaazc/60=
=+9al
-----END PGP SIGNATURE-----


Reply to: