Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))

To: Mike Gabriel <sunweaver@debian.org>
Subject: Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 12 Jan 2020 15:21:09 +0000
Message-id: <[🔎] handler.905786.D905786.157884225732265.ackdone@bugs.debian.org>
Reply-to: 905786@bugs.debian.org
References: <E1iqeze-000AT5-GA@fasolo.debian.org> <153382274994.1799.14886863061739684208.reportbug@rick.tetrane.com>

Your message dated Sun, 12 Jan 2020 15:17:34 +0000
with message-id <E1iqeze-000AT5-GA@fasolo.debian.org>
and subject line Bug#905786: fixed in libvncserver 0.9.11+dfsg-1.3~deb9u3
has caused the Debian Bug report #905786,
regarding libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
905786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905786
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox)
From: Quentin BUATHIER <qbuathier@tetrane.com>
Date: Thu, 09 Aug 2018 15:52:29 +0200
Message-id: <153382274994.1799.14886863061739684208.reportbug@rick.tetrane.com>

Package: libvncserver1
Version: 0.9.11+dfsg-1+deb9u1
Severity: important
Tags: patch

In the upstream source of the project, there is an use-after-free that can lead
to an infinite wait of a non-existing thread during the shutdown of the VNC
server if some clients are still connected.

This causing an issue in Virtualbox which uses this package when a VNC client
is connected and that we shutdown the VM (the VM will be stuck in a buggy
state). See https://www.virtualbox.org/ticket/17396 for the ticket in
Virtualbox's bug tracker for more informations.

There is actually a pull request on upstream fixing this issue
(https://github.com/LibVNC/libvncserver/pull/238). There is also another issue,
a segmentation fault in the same use case when we are using a multi-threaded
VNC server (also fixed by the same pull request).

Virtualbox need both fixes to work correctly without a segmentation fault or a
infinite wait and probably some others packages using libvncserver.

The issue isn't present on Jessie with the version 0.9.9 of the package.



-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-7-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvncserver1 depends on:
ii  libc6            2.24-11+deb9u3
ii  libgcrypt20      1.7.6-2+deb9u3
ii  libgnutls30      3.5.8-5+deb9u3
ii  libjpeg62-turbo  1:1.5.1-2
ii  zlib1g           1:1.2.8.dfsg-5

libvncserver1 recommends no packages.

libvncserver1 suggests no packages.

--- End Message ---

--- Begin Message ---

To: 905786-close@bugs.debian.org
Subject: Bug#905786: fixed in libvncserver 0.9.11+dfsg-1.3~deb9u3
From: Mike Gabriel <sunweaver@debian.org>
Date: Sun, 12 Jan 2020 15:17:34 +0000
Message-id: <E1iqeze-000AT5-GA@fasolo.debian.org>

Source: libvncserver
Source-Version: 0.9.11+dfsg-1.3~deb9u3

We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 905786@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated libvncserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 08 Jan 2020 08:22:51 +0100
Source: libvncserver
Architecture: source
Version: 0.9.11+dfsg-1.3~deb9u3
Distribution: stretch
Urgency: medium
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 905786
Changes:
 libvncserver (0.9.11+dfsg-1.3~deb9u3) stretch; urgency=medium
 .
   * Regression update.
 .
   * debian/patches: Add use-after-free/{4,5,6}.patch. All cherry-picked from
     upstream. Resolves crashing of x11vnc when vncviewer connects. (Closes:
     #905786).
Checksums-Sha1:
 880ad7826db9799f7eaa06aeb1a0ca6138609e29 2463 libvncserver_0.9.11+dfsg-1.3~deb9u3.dsc
 dc8bb79ee2f1d210d8e091bf4ad703aa4002a938 23300 libvncserver_0.9.11+dfsg-1.3~deb9u3.debian.tar.xz
 b889e41191ac7e47eeb89102cff2dd387d8763df 7212 libvncserver_0.9.11+dfsg-1.3~deb9u3_source.buildinfo
Checksums-Sha256:
 93e46aeb75ec8ea45c9a8807a0b70fedc5a4930ae5b0a940d51a949eda0915cf 2463 libvncserver_0.9.11+dfsg-1.3~deb9u3.dsc
 de556a00a2c45d98e92ff4cdc1f3cb2da957dbe0d7258fb7602e9e390c41851a 23300 libvncserver_0.9.11+dfsg-1.3~deb9u3.debian.tar.xz
 a2e1f4e9ed7a5810df70464e633eb535ee682b3cfcea7c345ce27f26b395c840 7212 libvncserver_0.9.11+dfsg-1.3~deb9u3_source.buildinfo
Files:
 e953d683a27d7475971b79af925f1a74 2463 libs optional libvncserver_0.9.11+dfsg-1.3~deb9u3.dsc
 71f259a76d28fbd5f7ea3c3d6a4ab1e6 23300 libs optional libvncserver_0.9.11+dfsg-1.3~deb9u3.debian.tar.xz
 aafaa6691daafd848f11a54657d5fd79 7212 libs optional libvncserver_0.9.11+dfsg-1.3~deb9u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl4ViMUVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxse0P/RqAKMdgHU3k+NPS+Ps6lnGAsRc1
airZn3DTlO5Z4okwrpmSmOHb0bos+orIdbRaFYqKS9c1PiBgmZCCIz0gdOxdyjkg
V+PgyFLUndTsKa/nZQHXUvKQZbzjKDqURWi7Q3LMrBtbRYDBa0FxkeZEcVkMQKks
UNEx/o8r82eGn8fb/YmIXQM39NcirftbckiIQjqpxBC8jEzWoJVWI2thp1/JDfgZ
rrRyLTvwrG2xpdWkIYfKqMhyZzBebPZzZWsx2p06HVTWh9qmf86p0l/C5BNU5X/b
P5H5gXfhe8J5FY2srNFo/sp04yFHjD3sylaUfjLuBRrRPBQMOLIJkjF0iNV+0Op6
NbzPZSDe0JivV5Ybd5RLNmixUphB4YEN1BH9XDpU+0GDTSkQGxLT9uGOiWcnY3I8
EuWmKAOQPQE6tTTeR/93+l87RkDaLSHRJn7HktgmpoJT8y5myCAifOJT1M/LqpMW
lW72nh7L6zQf2PM8DpRN8PDUnA4isv6wpMqipr5k12B3dVLMi2IcLjFBA8tv2/XF
WKZ+7Gs1kBT9PZTxaqIQU26POTnMqbklRoX/HkVF5CIyNnVlZlMK9ei90o6qEqVI
5NK3v+GdUWIchAxQaj+XMzcHTHWZXWaw/qr4tkgDPdDGIa5sI3gjaHz/3TEAxHAR
Ip4uSa8aGsZq0VCb
=SAC8
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))
Next by Date: Bug#948675: remmina-plugin-vnc: graphic errors and high CPU usage on VNC since 1.3.10
Previous by thread: Bug#905786: marked as done (libvncserver1: Use-after-free on shutdown when clients are still connected (causing issue for Virtualbox))
Next by thread: Processing of remmina_1.3.10+dfsg-1~bpo10+1_source.changes
Index(es):
- Date
- Thread