
Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))



Your message dated Sat, 21 Dec 2019 18:32:11 +0000
with message-id <E1iijXv-0004S2-Dj@fasolo.debian.org>
and subject line Bug#905786: fixed in libvncserver 0.9.11+dfsg-1.3+deb10u1
has caused the Debian Bug report #905786,
regarding libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
905786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905786
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libvncserver1
Version: 0.9.11+dfsg-1+deb9u1
Severity: important
Tags: patch

In the upstream source of the project, there is a use-after-free that can lead
to an infinite wait of a non-existing thread during the shutdown of the VNC
server if some clients are still connected.

This is causing an issue in Virtualbox, which uses this package, when a VNC client
is connected and we shut down the VM (the VM will be stuck in a buggy
state). See https://www.virtualbox.org/ticket/17396 for the ticket in
Virtualbox's bug tracker for more information.

There is actually a pull request on upstream fixing this issue
(https://github.com/LibVNC/libvncserver/pull/238). There is also another issue,
a segmentation fault in the same use case when we are using a multi-threaded
VNC server (also fixed by the same pull request).

Virtualbox needs both fixes to work correctly without a segmentation fault or an
infinite wait, and probably some other packages using libvncserver do too.

The issue isn't present on Jessie with the version 0.9.9 of the package.



-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvncserver1 depends on:
ii  libc6            2.24-11+deb9u3
ii  libgcrypt20      1.7.6-2+deb9u3
ii  libgnutls30      3.5.8-5+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  zlib1g           1:1.2.8.dfsg-5

libvncserver1 recommends no packages.

libvncserver1 suggests no packages.

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.3+deb10u1

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 905786@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 03 Dec 2019 09:18:57 +0100
Source: libvncserver
Architecture: source
Version: 0.9.11+dfsg-1.3+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 880531 905786 943793
Changes:
 libvncserver (0.9.11+dfsg-1.3+deb10u1) buster; urgency=medium
 .
   * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. (Closes:
     #943793).
   * debian/patches:
     + Trivial patch rebasing.
     + Add 3 use-after-free patches. Resolve a freeze during connection closure and a
       segmentation fault on multi-threaded VNC servers. (Closes: #905786).
     + Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers.
       (Closes: #880531).

--- End Message ---
