USN-4636-1: LibVNCServer, Vino vulnerability

17 November 2020

LibVNCServer and Vino could be made to crash.

Releases

Packages

Details

It was discovered that LibVNCServer incorrectly handled certain internals.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

Vino package ships with a LibVNCServer source and all listed releases were
affected for this package.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References