Debian 10260 Published by

A libvncserver security update has been released for Debian GNU/Linux 9 Extended LTS to address a memory leak that may be used by a remote attacker to cause a denial of service.



ELA-690-1 libvncserver security update

Package libvncserver
Version 0.9.11+dfsg-1.3~deb9u7 (stretch)
Related CVEs CVE-2020-29260

An issue has been found in libvncserver, a library to write one’s own VNC server. Due to a memory leak in function rfbClientCleanup() a remote attacker might be able to cause a denial of service.

For Debian 9 stretch, these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u7.

We recommend that you upgrade your libvncserver packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-690-1 libvncserver security update