[SECURITY] [DLA 2451-1] libvncserver security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2451-1] libvncserver security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 15 Nov 2020 21:26:03 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2011152124160.14811@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2451-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
November 15, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libvncserver
Version        : 0.9.11+dfsg-1.3~deb9u6
CVE ID         : CVE-2020-25708

An issue has been found in libvncserver, an API to write one's own VNCserver.Due to some missing checks, a divide by zero could happen, which couldresult in a denial of service.



For Debian 9 stretch, this problem has been fixed in version
0.9.11+dfsg-1.3~deb9u6.

We recommend that you upgrade your libvncserver packages.

For the detailed security status of libvncserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvncserver

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+xnOtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd07BAAhZnmzl/BVVJIaz2qWnqxTyPOheS8DwNq6DdJk34ZbDcfiOr9tkeYwVdU
qOTchNcYkm3oAmUv6P/OS0abVnvC2AH9GkV8tbFE8zuC7X7zn1LqJbe/tu4m159z
vYGtQLcV5oTDJ6zCYhDL6OobDcF/TMnBsqYzHE2yyjJ7b4OyquIas87gWGlMJaIr
Lb2bT4lLusrOzc2aiMPi7YFB2Abj+zSOoeg3Xl0w/orqwFIpZPjfgFwFHa/zT+C0
07H/syEktsUyo1NFYAsCmU7l6eTmjWT5lxdWKtDxVnj3sBxXJUj0S3QlelYYo+e4
xu9jkiJduN39CAiniWLfQaXQ7uhAKIPznfDsa4O7Iu3o69WzgQMSEikzfLHsm/B7
gakk8wXsDbx3xalpKr6mPNSyI/O00edpjqKSGC/nzdcid75MglNIWxJ1Lc6fcfQB
8QsGn1/1jsduXkyb/hC6gdupyf/cxdUmvTZDnlwpxoi3uNs4JrTu5r2rA/tVGlUZ
oBvkUP6IH0LcGchQxlbKt+R51KwUiR2hYbxK8becVTROZlYuOfWuBM3FK+j+SCTc
YYiXfbqwjIU/uHTiB2vsFmaxjQhBEs+dWV//Bs4tZ8bhuiv4xBPQekY9oWzuImCK
uGAuLBWuYJ8lbkQkGCyNVSUDRFVuxZxx823ATQR8Am5PvB740J8=
=lA2A
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2450-1] libproxy security update
Next by Date: [SECURITY] [DLA 2452-1] libdatetime-timezone-perl new upstream version
Previous by thread: [SECURITY] [DLA 2450-1] libproxy security update
Next by thread: [SECURITY] [DLA 2452-1] libdatetime-timezone-perl new upstream version
Index(es):
- Date
- Thread