exploitDog

ELSA-2014-1826

Published: 11 Nov 2014
Source: oracle-oval
Platform: Oracle Linux 6
Platform: Oracle Linux 7

Description

ELSA-2014-1826: libvncserver security update (MODERATE)

[0.9.7-7.1]

  • Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157668)
  • Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup) (bug #1157668)
  • Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message handling) (bug #1157668)
  • Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling) (bug #1157668)
  • Fix CVE-2014-6055 (server stack-based buffer overflow in file transfer handling) (bug #1157668)

[0.9.7-7]

  • Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not vulnerable (bug #696767)

[0.9.7-6]

  • Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767)

[0.9.7-5]

  • Fix CVE-2011-0904 (bug #696767)
  • Fix CVE-2011-0905 (bug #696767)

Updated packages

Oracle Linux 6

Oracle Linux x86_64

  • libvncserver 0.9.7-7.el6_6.1
  • libvncserver-devel 0.9.7-7.el6_6.1

Oracle Linux i686

  • libvncserver 0.9.7-7.el6_6.1
  • libvncserver-devel 0.9.7-7.el6_6.1

Oracle Linux sparc64

  • libvncserver 0.9.7-7.el6_6.1
  • libvncserver-devel 0.9.7-7.el6_6.1

Oracle Linux 7

Oracle Linux aarch64

  • libvncserver 0.9.9-9.el7_0.1
  • libvncserver-devel 0.9.9-9.el7_0.1

Oracle Linux x86_64

  • libvncserver 0.9.9-9.el7_0.1
  • libvncserver-devel 0.9.9-9.el7_0.1

Related vulnerabilities

suse-cvrf
more than 9 years ago

Security update for LibVNCServer

suse-cvrf
more than 9 years ago

Security update for LibVNCServer

suse-cvrf
more than 9 years ago

Security update for LibVNCServer

suse-cvrf
more than 9 years ago

Security update for LibVNCServer

ubuntu
almost 11 years ago

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.