Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:tigervnc
User: [email protected]
Usertags: pu
* CVE-2026-34352: Prevent other users reading x0vncserver screen
(Closes: #1132166)
diffstat for tigervnc-1.15.0+dfsg tigervnc-1.15.0+dfsg
changelog | 15 +++++
patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch | 28
++++++++++
patches/series | 1
3 files changed, 44 insertions(+)
diff -Nru tigervnc-1.15.0+dfsg/debian/changelog
tigervnc-1.15.0+dfsg/debian/changelog
--- tigervnc-1.15.0+dfsg/debian/changelog 2025-05-06 01:30:59.000000000
+0300
+++ tigervnc-1.15.0+dfsg/debian/changelog 2026-07-03 19:13:02.000000000
+0300
@@ -1,3 +1,18 @@
+tigervnc (1.15.0+dfsg-2.1~deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * Rebuild for trixie.
+
+ -- Adrian Bunk <[email protected]> Fri, 03 Jul 2026 19:13:02 +0300
+
+tigervnc (1.15.0+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2026-34352: Prevent other users reading x0vncserver screen
+ (Closes: #1132166)
+
+ -- Adrian Bunk <[email protected]> Wed, 01 Jul 2026 11:47:57 +0300
+
tigervnc (1.15.0+dfsg-2) unstable; urgency=medium
[ Stephan Springl ]
diff -Nru
tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch
tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch
---
tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch
1970-01-01 02:00:00.000000000 +0200
+++
tigervnc-1.15.0+dfsg/debian/patches/0001-Prevent-other-users-reading-x0vncserver-screen.patch
2026-07-01 11:47:08.000000000 +0300
@@ -0,0 +1,28 @@
+From 8010762320e95f56152af4e327b3fe19b27e6d37 Mon Sep 17 00:00:00 2001
+From: Pierre Ossman <[email protected]>
+Date: Tue, 24 Mar 2026 09:52:01 +0100
+Subject: Prevent other users reading x0vncserver screen
+
+Prevent other users from observing the screen, or modifying what is sent
+to the client. Malicious attackers can even crash x0vncserver if they
+time the modifications right.
+---
+ unix/x0vncserver/Image.cxx | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx
+index bfe5e730..77554ea3 100644
+--- a/unix/x0vncserver/Image.cxx
++++ b/unix/x0vncserver/Image.cxx
+@@ -287,7 +287,7 @@ void ShmImage::Init(int width, int height, const
XVisualInfo *vinfo)
+
+ shminfo->shmid = shmget(IPC_PRIVATE,
+ xim->bytes_per_line * xim->height,
+- IPC_CREAT|0777);
++ IPC_CREAT|0600);
+ if (shminfo->shmid == -1) {
+ perror("shmget");
+ vlog.error("shmget() failed (%d bytes requested)",
+--
+2.47.3
+
diff -Nru tigervnc-1.15.0+dfsg/debian/patches/series
tigervnc-1.15.0+dfsg/debian/patches/series
--- tigervnc-1.15.0+dfsg/debian/patches/series 2025-05-06 01:30:32.000000000
+0300
+++ tigervnc-1.15.0+dfsg/debian/patches/series 2026-07-01 11:47:56.000000000
+0300
@@ -39,3 +39,4 @@
# The following patches are security fixes
CVE-2014-8240-849479.patch
+0001-Prevent-other-users-reading-x0vncserver-screen.patch