| Errata ID | 594 |
|---|---|
| Date | 2019-02-06 |
| Source package | libvncserver |
| Fixed in version | 0.9.9+dfsg2-6.1+deb8u5 |
| Description | This update addresses the following issues: * Use-after-free in file transfer extension allows for potential code execution (CVE-2018-15126) * Multiple heap out-of-bound writes in VNC client code (Incomplete fix for CVE-2018-20019) (CVE-2018-20748) * Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (Incomplete fix for CVE-2018-15127) (CVE-2018-20749) * Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (Incomplete fix for CVE-2018-15127) (CVE-2018-20750) |
| Additional notes | |
| CVE ID | CVE-2018-15126 CVE-2018-20748 CVE-2018-20749 CVE-2018-20750 CVE-2018-20019 |
| UCS Bug number | #48597 |
