Red Hat Security Advisory 2021-1811-01 - LibVNCServer is a C library that enables you to implement VNC server functionality into own programs. Issues addressed include buffer overflow, denial of service, information leakage, and null pointer vulnerabilities.
989c7c7a8b862491fda2080a22ef46eea64cdd2291abf9a2c70ec3dde79b59f1
Ubuntu Security Notice 4573-1 - Nicolas Ruff discovered that Vino incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. It was discovered that Vino incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
d1c1dec0425b1351154dbc2e5d1e29f09c8665e1b8c90126af657be592658be8
Ubuntu Security Notice 4434-1 - Ramin Farajpour Cami discovered that LibVNCServer incorrectly handled certain malformed unix socket names. A remote attacker could exploit this with a crafted socket name, leading to a denial of service, or possibly execute arbitrary code. It was discovered that LibVNCServer did not properly access byte-aligned data. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.
5d42906ccf648239aa74d400a8d658ef74c822baa65311e803beacdd0ea77dbb