
Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))



Your message dated Sat, 21 Dec 2019 19:02:33 +0000
with message-id <E1iik1J-00095m-7B@fasolo.debian.org>
and subject line Bug#905786: fixed in libvncserver 0.9.11+dfsg-1.3~deb9u2
has caused the Debian Bug report #905786,
regarding libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
905786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905786
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libvncserver1
Version: 0.9.11+dfsg-1+deb9u1
Severity: important
Tags: patch

In the upstream source of the project, there is a use-after-free that can lead
to an infinite wait of a non-existing thread during the shutdown of the VNC
server if some clients are still connected.

This is causing an issue in Virtualbox, which uses this package, when a VNC
client is connected and we shut down the VM (the VM will be stuck in a buggy
state). See https://www.virtualbox.org/ticket/17396 for the ticket in
Virtualbox's bug tracker for more information.

There is actually a pull request on upstream fixing this issue
(https://github.com/LibVNC/libvncserver/pull/238). There is also another issue,
a segmentation fault in the same use case when we are using a multi-threaded
VNC server (also fixed by the same pull request).

Virtualbox needs both fixes to work correctly without a segmentation fault or
an infinite wait, and probably so do some other packages using libvncserver.

The issue isn't present on Jessie with the version 0.9.9 of the package.



-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvncserver1 depends on:
ii  libc6            2.24-11+deb9u3
ii  libgcrypt20      1.7.6-2+deb9u3
ii  libgnutls30      3.5.8-5+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  zlib1g           1:1.2.8.dfsg-5

libvncserver1 recommends no packages.

libvncserver1 suggests no packages.

--- End Message ---
--- Begin Message ---
Source: libvncserver
Source-Version: 0.9.11+dfsg-1.3~deb9u2

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 905786@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Dec 2019 11:08:42 +0100
Source: libvncserver
Architecture: source
Version: 0.9.11+dfsg-1.3~deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 880531 905786 943793
Changes:
 libvncserver (0.9.11+dfsg-1.3~deb9u2) stretch; urgency=medium
 .
   * CVE-2019-15681:
     + rfbserver: don't leak stack memory to the remote. (Closes: #943793).
   * debian/patches:
     + Trivial patch rebasing.
     + Add 3 use-after-free patches. Resolve a freeze during connection
       closure and a segmentation fault on multi-threaded VNC servers. (Closes:
       #905786).
     + Add 0002-set-true-color-flag-to-1.patch. Fix connecting to VMware servers.
       (Closes: #880531).


--- End Message ---
