Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4053
libvncserver security update
16 November 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: libvncserver
Publisher: Debian
Operating System: Debian GNU/Linux
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-25708
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2020/11/msg00025.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running libvncserver check for an updated version of the software
for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2451-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
November 15, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : libvncserver
Version : 0.9.11+dfsg-1.3~deb9u6
CVE ID : CVE-2020-25708
An issue has been found in libvncserver, an API to write one's own VNC
server.
Due to some missing checks, a divide by zero could happen, which could
result in a denial of service.
For Debian 9 stretch, this problem has been fixed in version
0.9.11+dfsg-1.3~deb9u6.
We recommend that you upgrade your libvncserver packages.
For the detailed security status of libvncserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvncserver
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+xnOtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd07BAAhZnmzl/BVVJIaz2qWnqxTyPOheS8DwNq6DdJk34ZbDcfiOr9tkeYwVdU
qOTchNcYkm3oAmUv6P/OS0abVnvC2AH9GkV8tbFE8zuC7X7zn1LqJbe/tu4m159z
vYGtQLcV5oTDJ6zCYhDL6OobDcF/TMnBsqYzHE2yyjJ7b4OyquIas87gWGlMJaIr
Lb2bT4lLusrOzc2aiMPi7YFB2Abj+zSOoeg3Xl0w/orqwFIpZPjfgFwFHa/zT+C0
07H/syEktsUyo1NFYAsCmU7l6eTmjWT5lxdWKtDxVnj3sBxXJUj0S3QlelYYo+e4
xu9jkiJduN39CAiniWLfQaXQ7uhAKIPznfDsa4O7Iu3o69WzgQMSEikzfLHsm/B7
gakk8wXsDbx3xalpKr6mPNSyI/O00edpjqKSGC/nzdcid75MglNIWxJ1Lc6fcfQB
8QsGn1/1jsduXkyb/hC6gdupyf/cxdUmvTZDnlwpxoi3uNs4JrTu5r2rA/tVGlUZ
oBvkUP6IH0LcGchQxlbKt+R51KwUiR2hYbxK8becVTROZlYuOfWuBM3FK+j+SCTc
YYiXfbqwjIU/uHTiB2vsFmaxjQhBEs+dWV//Bs4tZ8bhuiv4xBPQekY9oWzuImCK
uGAuLBWuYJ8lbkQkGCyNVSUDRFVuxZxx823ATQR8Am5PvB740J8=
=lA2A
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX7HRNuNLKJtyKPYoAQhIMg/9FRY2KdrSgTFfPCeqLIDfcgMGPXedIZsz
jm0lXU03I4txW8c5w4UIKsG7j9wgQAuQtiB1e2zdntn34JpBsC5r38HzNqDtT8mf
t3BJ2Dh3eGUjtswpWa47VxPyCU8M4ad50qEe7JCMxlQhJXranijXlslm5W/702vJ
kvB7KdiW5VHTcIkBHSq4qvAiSLfrJHLTLH3Q508Y/gPeKenRJ3wj2zBs5dj17DdF
QdBg3dBUMvsVnlGnICYYgXBGNoZRcwKXqdpjuDExgcDo4Lkzbf0xkG5TfrM9YMAt
0dSOMu1/QMT2trbplQFiYzSKLH+X49aXAYd77v1J2bDL63TcloEskLqTwUvdVHY5
JdzMBEYQeX5vXRur6UdbPM9p1xQ4M/KWM/4vNNlr2/ZwJaljUOhEZ/5zwRHzJbwc
9BfTp3ixhCg4S7O6/e9RRWE9kZ3R56AR3cAgd5ETte+wXYVBX1oSFc7UhSK/OQPy
qQx0jmsESHQutor+vuaVUhurl8tGfpfTnZCtXvSx+a5s0VmB9gFGZF9cJs7G2euP
imBpZ+4ZbbFdW5SLOJqXo11Yr7OASyatrvLCr1VRf57VWXhPPVB++L7uq8k+EYLB
jfUPgV1fXIcHtHu6UOepESN7RF5CcL86HjhaFBMw2/Bj6fVn+4FEYlhZBStEh4fH
b6oin+yEE34=
=Nya+
-----END PGP SIGNATURE-----