[SECURITY] Fedora 32 Update: libvncserver-0.9.13-2.fc32

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-1a4b1c8271 2020-07-16 01:13:06.319933 -------------------------------------------------------------------------------- Name : libvncserver Product : Fedora 32 Version : 0.9.13 Release : 2.fc32 URL : http://libvnc.github.io/ Summary : Library to make writing a VNC server easy Description : LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. -------------------------------------------------------------------------------- Update Information: New upstream bugfix/security release. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 2 2020 Rex Dieter <rdieter(a)fedoraproject.org&gt; - 0.9.13-2 - tls patches rebased * Thu Jul 2 2020 Rex Dieter <rdieter(a)fedoraproject.org&gt; - 0.9.13-1 - 0.9.13 - FIXME/TODO: tls patches need rebasing, work-in-progress * Tue Feb 11 2020 S��rgio Basto <sergio(a)serjux.com&gt; - 0.9.12-1 - Update to 0.9.12 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1849877 - CVE-2019-20839 libvncserver: "ConnectClientToUnixSock()" buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1849877 [ 2 ] Bug #1849881 - CVE-2019-20840 libvncserver: unaligned accesses in hybiReadAndDecode can lead to a crash https://bugzilla.redhat.com/show_bug.cgi?id=1849881 [ 3 ] Bug #1849886 - CVE-2018-21247 libvncserver: uninitialized memory contents are vulnerable to Information Leak https://bugzilla.redhat.com/show_bug.cgi?id=1849886 [ 4 ] Bug #1852356 - CVE-2017-18922 libvncserver: websocket decoding buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1852356 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-1a4b1c8271' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------