libvncserver: memory corruption
| Package(s): | libvncserver | CVE #(s): | |||||
| Created: | January 4, 2016 | Updated: | January 6, 2016 | ||||
| Description: | From the Debian LTS advisory:
An issue had been discovered and resolved by the libvncserver upstream developer Karl Runge addressing thread-safety in libvncserver when libvncserver is used for handling multiple VNC connections [1]. Unfortunately, it is not trivially feasible (because of ABI breakage) to backport the related patch to libvncserver 0.9.7 as shipped in Debian squeeze(-lts). However, the thread-safety patch discussed resolved a related issue of memory corruption caused by freeing global variables without nullifying them when reusing them in another "thread", especially occurring when libvncserver is used for handling multiple VNC connections The described issue has been resolved with this version of libvncserver and users of VNC are recommended to upgrade to this version of the package. | ||||||
| Alerts: |
| ||||||