Package "vino"
Name: |
vino
|
Description: |
VNC server for GNOME
|
Latest version: |
3.22.0-5ubuntu2.2 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Homepage: |
https://wiki.gnome.org/Projects/Vino |
Links
Download "vino"
Other versions of "vino" in Focal
Changelog
vino (3.22.0-5ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2020-25708.patch: fix possible divide-by-zero in
server/libvncserver/rfbserver.c.
- CVE-2020-25708
-- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Nov 2020 11:50:06 -0300
|
Source diff to previous version |
CVE-2020-25708 |
libvncserver/rfbserver.c has a divide by zero which could result in DoS |
|
vino (3.22.0-5ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: DoS via unchecked malloc
- debian/patches/CVE-2014-6053.patch: check malloc() return value in
server/libvncserver/rfbserver.c.
- CVE-2014-6053
* SECURITY UPDATE: client cut length issue
- debian/patches/CVE-2018-7225.patch: limit client cut text length to
1 MB in server/libvncserver/rfbserver.c.
- CVE-2018-7225
* SECURITY UPDATE: information disclosure via memory leak
- debian/patches/CVE-2019-15681.patch: don't leak stack memory to the
remote in server/libvncserver/rfbserver.c.
- CVE-2019-15681
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2020-14397.patch: add missing NULL pointer checks
in server/libvncserver/rfbregion.c, server/libvncserver/rfbserver.c.
- CVE-2020-14397
* SECURITY UPDATE: out-of-bounds access via encodings
- debian/patches/CVE-2020-1440x.patch: prevent OOB accesses in
server/libvncserver/corre.c, server/libvncserver/hextile.c,
server/libvncserver/rre.c.
- CVE-2020-14402
- CVE-2020-14403
- CVE-2020-14404
-- Marc Deslauriers <email address hidden> Tue, 06 Oct 2020 10:33:38 -0400
|
CVE-2014-6053 |
Server crash on a very large ClientCutText message |
CVE-2018-7225 |
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to a |
CVE-2019-15681 |
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read st |
CVE-2020-14397 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. |
CVE-2020-1440 |
A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering V |
CVE-2020-14402 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. |
CVE-2020-14403 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. |
CVE-2020-14404 |
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. |
|
About
-
Send Feedback to @ubuntu_updates