A libvncserver security update has been released for Debian GNU/Linux 9 Extended LTS to address a memory leak that may be used by a remote attacker to cause a denial of service.
ELA-690-1 libvncserver security update
Package libvncserver
ELA-690-1 libvncserver security update
Version 0.9.11+dfsg-1.3~deb9u7 (stretch)
Related CVEs CVE-2020-29260
An issue has been found in libvncserver, a library to write one’s own VNC server. Due to a memory leak in function rfbClientCleanup() a remote attacker might be able to cause a denial of service.
For Debian 9 stretch, these problems have been fixed in version 0.9.11+dfsg-1.3~deb9u7.
We recommend that you upgrade your libvncserver packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
