Several security issues were fixed in LibVNCServer.
Software Description:
- libvncserver: vnc server library
Details:
Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled
certain malformed unix socket names. A remote attacker could exploit this
with a crafted socket name, leading to a denial of service, or possibly
execute arbitrary code. (CVE-2019-20839)
It was discovered that LibVNCServer did not properly access byte-aligned
data. A remote attacker could possibly use this issue to cause
LibVNCServer to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. (CVE-2019-20840)
Christian Beier discovered that LibVNCServer incorrectly handled anonymous
TLS connections. A remote attacker could possibly use this issue to cause
LibVNCServer to crash, resulting in a denial of service. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-14396)
It was discovered that LibVNCServer incorrectly hand...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libvncclient1 0.9.12+dfsg-9ubuntu0.2 libvncserver1 0.9.12+dfsg-9ubuntu0.2 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.3 libvncserver1 0.9.11+dfsg-1ubuntu1.3 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.5 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.5 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4434-1
CVE-2019-20839, CVE-2019-20840, CVE-2020-14396, CVE-2020-14397,
CVE-2020-14398, CVE-2020-14399, CVE-2020-14400, CVE-2020-14401,
CVE-2020-14402, CVE-2020-14403, CVE-2020-14404, CVE-2020-14405
Get the latest Linux and open source security news straight to your inbox.