[ALSA-2021:1811] Moderate: libvncserver security update
Type: security
Severity: moderate
Release date: 2021-11-12
Description:
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247)
* libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839)
* libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)
* libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)
* libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 libvncserver-0.9.11-17.el8.aarch64.rpm 64a26dece1402e423977b408b0ac3c0bcbc3eb20ef7ac0ba6547824461eced7d
aarch64 libvncserver-devel-0.9.11-17.el8.aarch64.rpm d493b52633e6d63611bbe9f9920783589d4e88f22a8c8b0cc864ee715dcfa2bf
i686 libvncserver-0.9.11-17.el8.i686.rpm 66a0b92a14b69f733340ebe8efa4d49a2fa2a57e0156a4b44e0c1ba1cc19f1c2
i686 libvncserver-devel-0.9.11-17.el8.i686.rpm 7776e8cd00c039de134e7adadd8d7aa02265b9a949117e1dc5fbcb842de564af
ppc64le libvncserver-devel-0.9.11-17.el8.ppc64le.rpm 7166caa6f0068a3b9ef43ff0c4750e9f9ee7d37210b1be38a1d9b496af07e7e2
ppc64le libvncserver-0.9.11-17.el8.ppc64le.rpm e6b8ee46687541fb9342ebbfac1c6e1318b3a2dcdc1d9607139799e26378eb3d
x86_64 libvncserver-devel-0.9.11-17.el8.x86_64.rpm 3208117cf82714bfcb05156e8f1cf08fb9c299884dd49b60144800b3f21432b2
x86_64 libvncserver-0.9.11-17.el8.x86_64.rpm 7e6db7b8e9a5706a3d8421cd4beade7c59ae499cc946f243e64be1acf6ca07fd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.