Opened 6 years ago

Closed 6 years ago

#57902 closed update (fixed)

LibVNCServer @0.9.11: update to 0.9.12

Reported by: l2dy (Zero King)
Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal
Milestone:
Component: ports
Version:
Keywords: security
Cc:
Port: LibVNCServer

Description

[security-announce] openSUSE-SU-2019:0045-1: important: Security update for LibVNCServer

This update for LibVNCServer fixes the following issues:

Security issues fixed:

  • CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)
  • CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)
  • CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116)
  • CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)
  • CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118)
  • CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)
  • CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)
  • CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)
  • CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

This update was imported from the SUSE:SLE-12:Update update project.

Change History (3)

comment:1 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)

Status: assigned → accepted

Yes, I saw that this update is available; however, they have switched to the cmake build system, so it is not as simple as just updating the version and checksums.

comment:2 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)

And because the developers were apparently not aware of the idiosyncrasies of libtool library version numbering on macOS and did not counteract the change that switching to cmake would cause, the compatibility minor version number of both libraries decreased. To compensate, we'll have to revbump everything that links with them; fortunately that's only two ports.

comment:3 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: accepted → closed

In 5548c52a60d75028bffa5c96b3ac2779da78a122/macports-ports (master):

LibVNCServer: Update to 0.9.12

The build system has changed to cmake as of this version. Because the
developers did not compensate for the difference between libtool and
cmake library versioning on macOS, the compatibility minor version of
the libraries inadvertently decreased, so ports linking with either of
the libraries were revbumped to rebuild them.

Closes: #57902
