--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1a4b1c8271
2020-07-16 01:13:06.319933
--------------------------------------------------------------------------------
Name : libvncserver
Product : Fedora 32
Version : 0.9.13
Release : 2.fc32
URL :
http://libvnc.github.io/
Summary : Library to make writing a VNC server easy
Description :
LibVNCServer makes writing a VNC server (or more correctly, a program exporting
a frame-buffer via the Remote Frame Buffer protocol) easy.
It hides the programmer from the tedious task of managing clients and
compression schemata.
--------------------------------------------------------------------------------
Update Information:
New upstream bugfix/security release.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 2 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 0.9.13-2
- tls patches rebased
* Thu Jul 2 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 0.9.13-1
- 0.9.13
- FIXME/TODO: tls patches need rebasing, work-in-progress
* Tue Feb 11 2020 S��rgio Basto <sergio(a)serjux.com> - 0.9.12-1
- Update to 0.9.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1849877 - CVE-2019-20839 libvncserver: "ConnectClientToUnixSock()"
buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1849877
[ 2 ] Bug #1849881 - CVE-2019-20840 libvncserver: unaligned accesses in
hybiReadAndDecode can lead to a crash
https://bugzilla.redhat.com/show_bug.cgi?id=1849881
[ 3 ] Bug #1849886 - CVE-2018-21247 libvncserver: uninitialized memory contents are
vulnerable to Information Leak
https://bugzilla.redhat.com/show_bug.cgi?id=1849886
[ 4 ] Bug #1852356 - CVE-2017-18922 libvncserver: websocket decoding buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1852356
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1a4b1c8271' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------