Several security issues were fixed in LibVNCServer.
Software Description:
- libvncserver: vnc server library
Details:
It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libvncclient1 0.9.11+dfsg-1.1ubuntu0.1 libvncserver1 0.9.11+dfsg-1.1ubuntu0.1 Ubuntu 18.04 LTS: libvncclient1 0.9.11+dfsg-1ubuntu1.1 libvncserver1 0.9.11+dfsg-1ubuntu1.1 Ubuntu 16.04 LTS: libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.3 libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.3 Ubuntu 14.04 LTS: libvncserver0 0.9.9+dfsg-1ubuntu1.4 After a standard system update you need to restart LibVNCServer applications to make all the necessary changes.
https://ubuntu.com/security/notices/USN-3877-1
CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020,
CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024,
CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-6307
Get the latest Linux and open source security news straight to your inbox.