Ubuntu USN · USN-8463-1

LibVNCServer vulnerabilities

Published: Tue, 23 Jun 2026 14:46

CVE-2020-29260CVE-2026-32853CVE-2026-44988CVE-2026-32854

Summary

Several security issues were fixed in LibVNCServer.

Details

It was discovered that LibVNCServer had a memory leak in the client cleanup function. An attacker could possibly use this issue to cause LibVNCServer to consume memory, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2020-29260) It was discovered that LibVNCServer did not properly validate bounds when handling UltraZip encoding subrectangles. A remote attacker could possibly use this issue to obtain sensitive information or cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32853) It was discovered that LibVNCServer did not properly validate return values in the HTTP proxy handlers. A remote attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04. (CVE-2026-32854) It was discovered that LibVNCServer did not properly handle Tight encoding gradient filter rectangles. A remote attacker could use this issue to cause LibVNCServer to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-44988)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu jammy

libvncserver→0.9.13+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.13+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncclient1→0.9.13+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.13+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncclient1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver-dev→0.9.13+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.13+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver1→0.9.13+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.13+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

libvncserver→0.9.14+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.14+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncclient1→0.9.14+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.14+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncclient1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver-dev→0.9.14+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.14+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver1→0.9.14+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.14+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

libvncserver→0.9.15+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncclient1→0.9.15+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncclient1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver-dev→0.9.15+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver1→0.9.15+dfsg-1ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-1ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu resolute

libvncserver→0.9.15+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncclient1→0.9.15+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncclient1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver-dev→0.9.15+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver-dev
```
Most apt upgrades restart their service automatically. needrestart lists anything else.
libvncserver1→0.9.15+dfsg-3ubuntu0.1apt_upgrade
Standard apt upgrade. Install 0.9.15+dfsg-3ubuntu0.1 from the apt repo.
```
sudo apt-get update
sudo apt-get install --only-upgrade -y libvncserver1
```
Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8463-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8463-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan Read the bash source first

Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free (3 servers) / from $9/mo (14-day free trial) / Solo $9/mo / Pro $29/mo / Team $79/mo. Indie pricing.

Start free trial →See StackPatch →Live audit log →