Debian Security Advisory
DSA-4383-1 libvncserver -- security update
- Date Reported:
- 03 Feb 2019
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 916941.
In Mitre's CVE dictionary: CVE-2018-6307, CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024.
- More information:
Pavel Cheremushkin discovered several vulnerabilities in libvncserver, a library to implement VNC server/client functionalities, which might result in the execution of arbitrary code, denial of service or information disclosure.
For the stable distribution (stretch), these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u1.
We recommend that you upgrade your libvncserver packages.
For the detailed security status of libvncserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libvncserver