Ubuntu Security Notice USN-4636-1

Ubuntu Security Notice USN-4636-1: Posted Nov 18, 2020; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4636-1 - It was discovered that LibVNCServer incorrectly handled certain internals. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Vino package ships with a LibVNCServer source and all listed releases were affected for this package.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2020-25708; SHA-256 | dff9dd4411bbb2f25b67f776024121fc8b4c1e32b7885894f3eb9f809d788e6a; Download | Favorite | View

Ubuntu Security Notice USN-4636-1

=========================================================================
Ubuntu Security Notice USN-4636-1
November 17, 2020

libvncserver, vino vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

LibVNCServer and Vino could be made to crash.

Software Description:
- vino: VNC server for GNOME
- libvncserver: vnc server library

Details:

It was discovered that LibVNCServer incorrectly handled certain internals.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Vino package ships with a LibVNCServer source and all listed releases were
affected for this package.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
  vino                            3.22.0-6ubuntu2.1

Ubuntu 20.04 LTS:
  libvncclient1                   0.9.12+dfsg-9ubuntu0.3
  libvncserver1                   0.9.12+dfsg-9ubuntu0.3
  vino                            3.22.0-5ubuntu2.2

Ubuntu 18.04 LTS:
  libvncclient1                   0.9.11+dfsg-1ubuntu1.4
  libvncserver1                   0.9.11+dfsg-1ubuntu1.4
  vino                            3.22.0-3ubuntu1.2

Ubuntu 16.04 LTS:
  libvncclient1                   0.9.10+dfsg-3ubuntu0.16.04.6
  libvncserver1                   0.9.10+dfsg-3ubuntu0.16.04.6
  vino                            3.8.1-0ubuntu9.4

In general, a standard system update will make all the necessary changes.

References:
  https://usn.ubuntu.com/4636-1
  CVE-2020-25708

Package Information:
  https://launchpad.net/ubuntu/+source/vino/3.22.0-6ubuntu2.1
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.12+dfsg-9ubuntu0.3
  https://launchpad.net/ubuntu/+source/vino/3.22.0-5ubuntu2.2
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.4
  https://launchpad.net/ubuntu/+source/vino/3.22.0-3ubuntu1.2
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.6
  https://launchpad.net/ubuntu/+source/vino/3.8.1-0ubuntu9.4

Top Authors In Last 30 Days

Red Hat 419 files
Ubuntu 107 files
Debian 30 files
Rahad Chowdhury 21 files
BugsBD Limited 21 files
Gentoo 18 files
tmrswrr 12 files
Google Security Research 7 files
Ph0s 5 files
R0ckE7 5 files

File Archives

Systems

AIX (429)
Apple (2,037)
BSD (375)
CentOS (57)
Cisco (1,926)
Debian (6,914)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,379)
HPUX (880)
iOS (363)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (47,896)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (486)
RedHat (14,654)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,152)
UNIX (9,340)
UnixWare (187)
Windows (6,609)
Other

Ubuntu Security Notice USN-4636-1

Ubuntu Security Notice USN-4636-1

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-4636-1

Share This

Ubuntu Security Notice USN-4636-1

File Archive:

December 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems