
Bug#905786: libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox)



Hi Quentin,

thanks for reporting the below bug and fixing things upstream...

On Thu, 09 Aug 2018 15:52:29 +0200 Quentin BUATHIER <qbuathier@tetrane.com> wrote:
> Package: libvncserver1
> Version: 0.9.11+dfsg-1+deb9u1
> Severity: important
> Tags: patch
>
> In the upstream source of the project, there is a use-after-free that can lead
> to an infinite wait of a non-existing thread during the shutdown of the VNC
> server if some clients are still connected.
>
> This is causing an issue in Virtualbox which uses this package when a VNC client
> is connected and we shut down the VM (the VM will be stuck in a buggy
> state). See https://www.virtualbox.org/ticket/17396 for the ticket in
> Virtualbox's bug tracker for more information.
>
> There is actually a pull request on upstream fixing this issue
> (https://github.com/LibVNC/libvncserver/pull/238). There is also another issue,
> a segmentation fault in the same use case when we are using a multi-threaded
> VNC server (also fixed by the same pull request).
>
> Virtualbox needs both fixes to work correctly without a segmentation fault or an
> infinite wait and probably some other packages using libvncserver.
>
> The issue isn't present on Jessie with the version 0.9.9 of the package.

As the new libvncserver Debian maintainer, I have prepared a test build and upload candidate for Debian buster of libvncserver that fixes this issue:
http://packages.sunweavers.net/debian/pool/main/libv/libvncserver/

You can also add "deb http://packages.sunweavers.net/debian buster main" to your APT configuration and use apt for installing the upload candidate. (Make sure you disable the repo again afterwards and that you don't grab other packages from there by accident).

Here is the archive key:
https://packages.sunweavers.net/archive.key

If you don't have time for testing this, I'd appreciate quick feedback anyway.

Greets + Thanks,
Mike

