Package: libvncserver / 0.9.13+dfsg-2+deb11u1

Metadata

Package Version Patches format
libvncserver 0.9.13+dfsg-2+deb11u1 3.0 (quilt)

Patch series

Patch File delta Description
0001 libvncserver don t NULL out internal of the default .patch

libvncserver/main.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 1/2] libvncserver: don't null out internal of the default
 cursor

...otherwise an rfbScreen created after rfbScreenCleanup() was called
gets assigned an invalid cursor struct.

0002 zlib Clear buffer pointers on cleanup.patch

libvncserver/zlib.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch 2/2] zlib: clear buffer pointers on cleanup

The pointers to the buffers were freed, and the size fields were set to
0, but the buffer pointers themselves were not set to NULL, when shutting
down, meaning the next time used, NULL checks would not tell whether the
pointer is valid. This caused crashes ending with

  #0  0x00007ffff73729e5 in raise () from /lib64/libc.so.6
  #1  0x00007ffff735b895 in abort () from /lib64/libc.so.6
  #2  0x00007ffff73b6857 in __libc_message () from /lib64/libc.so.6
  #3  0x00007ffff73bdd7c in malloc_printerr () from /lib64/libc.so.6
  #4  0x00007ffff73c2f1a in realloc () from /lib64/libc.so.6
  #5  0x00007ffff78b558e in rfbSendOneRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=40) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:106
  #6  0x00007ffff78b5dec in rfbSendRectEncodingZlib (cl=0x4a4b80, x=0, y=0, w=800, h=600) at /home/jonas/Dev/gnome/libvncserver/libvncserver/zlib.c:308
  #7  0x00007ffff7899453 in rfbSendFramebufferUpdate (cl=0x4a4b80, givenUpdateRegion=0x49ef70) at /home/jonas/Dev/gnome/libvncserver/libvncserver/rfbserver.c:3264
  #8  0x00007ffff789079d in rfbUpdateClient (cl=0x4a4b80) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1275
  #9  0x00007ffff78905f5 in rfbProcessEvents (screen=0x4d5790, usec=0) at /home/jonas/Dev/gnome/libvncserver/libvncserver/main.c:1251

0003 rfb increase update buf size.patch

rfb/rfb.h | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] rfb/rfb.h: increase update_buf_size by 2768 bytes

Simply raise the default to 32768 which is not an awful lot of an
increase and should not hurt the embedded guys.

If someone needs more, we can still go down the malloc() route and
make the buffer size configurable, but leave this to the users to
request and KISS for now.

Closes #521

CVE 2020 29260.patch

libvncclient/vncviewer.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---