USN-3171-1: LibVNCServer vulnerabilities

Discussion in 'Security' started by Ubuntu Security Notices, Jan 11, 2017.

Thread Status:
This thread is more than 60 days old.
  1. Ubuntu Security Notice USN-3171-1

    11th January, 2017

    libvncserver vulnerabilities

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 16.10
    • Ubuntu 16.04 LTS
    • Ubuntu 14.04 LTS
    • Ubuntu 12.04 LTS

    Several security issues were fixed in LibVNCServer.

    Software description

    • libvncserver - vnc server library

    Josef Gajdusek discovered that the LibVNCServer client library incorrectly
    handled certain FrameBufferUpdate messages. If a user were tricked into
    connecting to a malicious server, an attacker could use this issue to cause
    a denial of service, or possibly execute arbitrary code. (CVE-2016-9941,

    Update instructions

    The problem can be corrected by updating your system to the following package version:

    Ubuntu 16.10:
    libvncserver1 0.9.10+dfsg-3ubuntu0.16.10.1
    libvncclient1 0.9.10+dfsg-3ubuntu0.16.10.1
    Ubuntu 16.04 LTS:
    libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.1
    libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.1
    Ubuntu 14.04 LTS:
    libvncserver0 0.9.9+dfsg-1ubuntu1.2
    Ubuntu 12.04 LTS:

    To update your system, please follow these instructions:

    In general, a standard system update will make all the necessary changes.


    CVE-2016-9941, CVE-2016-9942
