Debian Bug report logs - #850007: libvncserver: CVE-2016-9941
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 3 Jan 2017 06:15:01 UTC
Severity: grave
Tags: patch, security, upstream
Found in versions libvncserver/0.9.10+dfsg-3, libvncserver/0.9.9+dfsg-1
Fixed in versions libvncserver/0.9.9+dfsg2-6.1+deb8u2, libvncserver/0.9.11+dfsg-1
Done: Peter Spiess-Knafl <dev@spiessknafl.at>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Spiess-Knafl <dev@spiessknafl.at>: Bug#850007; Package src:libvncserver. (Tue, 03 Jan 2017 06:15:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Peter Spiess-Knafl <dev@spiessknafl.at>. (Tue, 03 Jan 2017 06:15:04 GMT)
Message #5 received at submit@bugs.debian.org:
Source: libvncserver
Version: 0.9.10+dfsg-3
Severity: grave
Tags: upstream security patch
Justification: user security hole
Hi,
the following vulnerability was published for libvncserver.
CVE-2016-9941[0]:
| Heap-based buffer overflow in rfbproto.c in LibVNCClient in
| LibVNCServer before 0.9.11 allows remote servers to cause a denial of
| service (application crash) or possibly execute arbitrary code via a
| crafted FramebufferUpdate message containing a subrectangle outside of
| the client drawing area.
Fixing commit for the rfbproto.c part of the pull request in [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-9941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9941
[1] https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
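The subrectangle check that the quoted CVE text describes, as an added illustration that is not code from libvncserver or from this bug report: a standalone parser for an RFB FramebufferUpdate rectangle header that rejects any rectangle lying outside the client's framebuffer before it could be used to index pixel memory. The 800x600 framebuffer size, the sample headers and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* One FramebufferUpdate rectangle header as the server sends it:
 * x, y, width, height as big-endian u16, then a signed 32-bit encoding. */
typedef struct { uint16_t x, y, w, h; int32_t encoding; } rfb_rect_t;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static int32_t be32(const uint8_t *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* Parse a 12-byte rectangle header; returns 0, or -1 if the buffer is short. */
int parse_rect_header(const uint8_t *buf, size_t len, rfb_rect_t *out) {
    if (buf == NULL || len < 12) return -1;
    out->x = be16(buf);     out->y = be16(buf + 2);
    out->w = be16(buf + 4); out->h = be16(buf + 6);
    out->encoding = be32(buf + 8);
    return 0;
}

/* The check the bug needed: the rectangle must lie entirely inside the
 * client's framebuffer. Done in 32-bit arithmetic so x + w on u16 inputs
 * cannot wrap around and slip past the comparison. */
int rect_within_framebuffer(const rfb_rect_t *r, uint32_t fb_w, uint32_t fb_h) {
    return (uint32_t)r->x + r->w <= fb_w && (uint32_t)r->y + r->h <= fb_h;
}

/* 1 = header acceptable, 0 = reject it (the server is misbehaving),
 * -1 = the header itself is truncated. */
int accept_rect_header(const uint8_t *buf, size_t len, uint32_t fb_w, uint32_t fb_h) {
    rfb_rect_t r;
    if (parse_rect_header(buf, len, &r) != 0) return -1;
    return rect_within_framebuffer(&r, fb_w, fb_h) ? 1 : 0;
}

/* Constructed sample headers for an 800x600 client framebuffer. */
const uint8_t HDR_FULL[12] = {0,0, 0,0, 0x03,0x20, 0x02,0x58, 0,0,0,0}; /* 0,0 800x600: fits */
const uint8_t HDR_OVER[12] = {0x02,0xBC, 0,0, 0,0xC8, 0,0x64, 0,0,0,0}; /* x=700 w=200: 900 > 800 */
const uint8_t HDR_WRAP[12] = {0xFF,0xFF, 0,0, 0,0x02, 0,0x01, 0,0,0,0}; /* x=65535 w=2: u16 would wrap to 1 */

int main(void) {
    printf("full=%d over=%d wrap=%d\n",
           accept_rect_header(HDR_FULL, 12, 800, 600),
           accept_rect_header(HDR_OVER, 12, 800, 600),
           accept_rect_header(HDR_WRAP, 12, 800, 600));
    return 0;
}
```

The third header is the case a 16-bit check would miss: 65535 + 2 wraps to 1 in uint16_t arithmetic, which is why the comparison is widened to 32 bits.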
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#850007; Package src:libvncserver. (Tue, 03 Jan 2017 09:30:06 GMT)
Acknowledgement sent to Peter Spiess-Knafl <dev@spiessknafl.at>: Extra info received and forwarded to list. (Tue, 03 Jan 2017 09:30:06 GMT)
Message #10 received at 850007@bugs.debian.org:
Hi Salvatore!
I prepared the package containing the fixes for both CVEs on git:
https://anonscm.debian.org/cgit/collab-maint/libvncserver.git/tag/?h=debian/0.9.9%2bdfsg2-6.1%2bdeb8u2
Can you upload them?
Greetings,
Peter
On 01/03/2017 07:12 AM, Salvatore Bonaccorso wrote:
> [...]
Marked as fixed in versions libvncserver/0.9.11+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 05 Jan 2017 06:39:04 GMT)
Marked Bug as done. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 05 Jan 2017 06:39:04 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Thu, 05 Jan 2017 06:39:05 GMT)
Message sent on to Salvatore Bonaccorso <carnil@debian.org>: Bug#850007. (Thu, 05 Jan 2017 06:39:08 GMT)
Message #19 received at 850007-submitter@bugs.debian.org:
close 850007 0.9.11+dfsg-1
close 850008 0.9.11+dfsg-1
thanks
Marked as found in versions libvncserver/0.9.9+dfsg-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 Jan 2017 06:24:06 GMT)
Marked as fixed in versions libvncserver/0.9.9+dfsg2-6.1+deb8u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 06 Jan 2017 06:24:07 GMT)
Reply sent to Peter Spiess-Knafl <dev@spiessknafl.at>: You have taken responsibility. (Fri, 06 Jan 2017 21:21:50 GMT)
Notification sent to Salvatore Bonaccorso <carnil@debian.org>: Bug acknowledged by developer. (Fri, 06 Jan 2017 21:21:50 GMT)
Message #28 received at 850007-close@bugs.debian.org:
Source: libvncserver
Source-Version: 0.9.9+dfsg2-6.1+deb8u2
We believe that the bug you reported is fixed in the latest version of
libvncserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 850007@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Spiess-Knafl <dev@spiessknafl.at> (supplier of updated libvncserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 03 Jan 2017 09:41:51 +0100
Source: libvncserver
Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc
Architecture: source amd64
Version: 0.9.9+dfsg2-6.1+deb8u2
Distribution: stable
Urgency: high
Maintainer: Peter Spiess-Knafl <dev@spiessknafl.at>
Changed-By: Peter Spiess-Knafl <dev@spiessknafl.at>
Description:
libvncclient0 - API to write one's own vnc server - client library
libvncclient0-dbg - debugging symbols for libvncclient
libvncserver-config - API to write one's own vnc server - library utility
libvncserver-dev - API to write one's own vnc server - development files
libvncserver0 - API to write one's own vnc server
libvncserver0-dbg - debugging symbols for libvncserver
linuxvnc - VNC server to allow remote access to a tty
Closes: 850007 850008
Changes:
libvncserver (0.9.9+dfsg2-6.1+deb8u2) jessie-security; urgency=high
.
* CVE-2016-9941 (Closes: #850007)
* CVE-2016-9942 (Closes: #850008)
Checksums-Sha1:
Checksums-Sha256:
Files:
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 04 Feb 2017 07:26:15 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Wed Jun 19 17:19:32 2019