Description
Security update for LibVNCServer
The LibVNCServer package was updated to fix the following security issues:
- bsc#897031: fix several security issues:
  - CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
  - CVE-2014-6052: Lack of malloc() return value checking on client side.
  - CVE-2014-6053: Server crash on a very large ClientCutText message.
  - CVE-2014-6054: Server crash when scaling factor is set to zero.
  - CVE-2014-6055: Multiple stack overflows in File Transfer feature.
- bsc#854151: Restrict the SSL cipher suite.
Package list
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
References
- Link for SUSE-SU-2015:2088-2
- E-Mail link for SUSE-SU-2015:2088-2
- SUSE Security Ratings
- SUSE Bug 854151
- SUSE Bug 897031
- SUSE CVE CVE-2014-6051 page
- SUSE CVE CVE-2014-6052 page
- SUSE CVE CVE-2014-6053 page
- SUSE CVE CVE-2014-6054 page
- SUSE CVE CVE-2014-6055 page
Description
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
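The two client-side defects above (CVE-2014-6051 and CVE-2014-6052) are the same mistake seen twice: a framebuffer size computed from server-controlled width, height and depth without guarding against wrap-around, and the resulting malloc() result used without a NULL check. The following is an added example, not LibVNCServer's code; it shows the wrapping 32-bit computation beside a checked version that computes in 64 bits, bounds the geometry and propagates allocation failure. The names (naive_fb_size, checked_fb_size, alloc_framebuffer, handle_server_init) and the MAX_FB_PIXELS limit are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Policy cap on the pixel area a client will allocate for an advertised
   screen size (constructed value for this example, not from LibVNCServer). */
#define MAX_FB_PIXELS (16384ull * 16384ull)

/* Pre-fix pattern: a 32-bit product that silently wraps for large advertised
   geometries, so the buffer ends up far smaller than the pixel data later
   written into it (the heap overflow described in CVE-2014-6051). */
uint32_t naive_fb_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    return width * height * bytes_per_pixel;
}

/* Checked size: reject degenerate values, compute the pixel count in 64 bits
   (cannot overflow for two 32-bit inputs) and bound it before multiplying by
   the depth. Returns 0 on rejection; 0 is never a valid framebuffer size. */
size_t checked_fb_size(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    if (width == 0 || height == 0) return 0;
    if (bytes_per_pixel == 0 || bytes_per_pixel > 4) return 0;
    uint64_t pixels = (uint64_t)width * height;
    if (pixels > MAX_FB_PIXELS) return 0;
    /* pixels * 4 is at most 2^30 here, so the cast to size_t is safe on
       both 32-bit and 64-bit targets. */
    return (size_t)(pixels * bytes_per_pixel);
}

/* Allocate the framebuffer, or return NULL. The caller must handle NULL
   instead of dereferencing the result (the missing check in CVE-2014-6052). */
uint8_t *alloc_framebuffer(uint32_t width, uint32_t height, uint32_t bytes_per_pixel)
{
    size_t n = checked_fb_size(width, height, bytes_per_pixel);
    if (n == 0) return NULL;
    return malloc(n);   /* may legitimately be NULL; propagated, not assumed */
}

/* Simulated handling of a server-advertised screen size: 1 if the geometry
   was accepted and a buffer could be allocated, 0 if it was rejected. */
int handle_server_init(uint32_t width, uint32_t height, uint32_t bits_per_pixel)
{
    if (bits_per_pixel == 0 || bits_per_pixel % 8 != 0) return 0;
    uint8_t *fb = alloc_framebuffer(width, height, bits_per_pixel / 8);
    if (fb == NULL) return 0;
    free(fb);
    return 1;
}
```

For a 65536 x 65536 x 32bpp advertisement the naive product wraps to 0, which malloc() happily honours, while the checked path rejects the geometry outright; a normal 1024 x 768 x 32bpp size passes through unchanged.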
Affected products
References
- CVE-2014-6051
- SUSE Bug 897031
- SUSE Bug 900896
Description
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
Affected products
References
- CVE-2014-6052
- SUSE Bug 897031
Description
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Affected products
References
- CVE-2014-6053
- SUSE Bug 897031
Description
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.
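The two server-side message-handling defects, the unbounded ClientCutText allocation (CVE-2014-6053) and the zero scale factor (CVE-2014-6054), both come down to validating a client-supplied field before it is used as an allocation size or a divisor. The following is an added example, not LibVNCServer's code, that shows that validation for both fields. It uses a simplified framing for the cut-text message (a 4-byte big-endian length followed by the text, not the full RFB message layout), treats the scale factor as a divisor as the divide-by-zero in the description implies, and the names (scaled_width, read_cut_text, cut_text_len), the MAX_CUT_TEXT_LEN cap and the sample messages are all constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Policy cap on clipboard text accepted from a client (constructed value). */
#define MAX_CUT_TEXT_LEN (1u << 20)

/* Scale factor handling. The factor is used as a divisor, so 0 must be
   rejected before the division (CVE-2014-6054); a factor larger than the
   framebuffer would also yield a zero-size screen, so it is rejected too.
   Returns the scaled width, or 0 when the factor is rejected. */
uint32_t scaled_width(uint32_t framebuffer_width, uint32_t scale)
{
    if (scale == 0 || scale > framebuffer_width) return 0;
    return framebuffer_width / scale;
}

/* Parse a cut-text message in the simplified framing described above.
   The claimed length is bounded *before* any allocation, the body must
   actually be present, and the malloc() result is checked (CVE-2014-6053).
   Returns a NUL-terminated copy of the text, or NULL when rejected. */
char *read_cut_text(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 4) return NULL;
    uint32_t len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                   ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];
    if (len > MAX_CUT_TEXT_LEN) return NULL;   /* reject before allocating */
    if (msg_len - 4 < len) return NULL;        /* body shorter than claimed */
    char *buf = malloc((size_t)len + 1);
    if (buf == NULL) return NULL;              /* never dereference unchecked */
    memcpy(buf, msg + 4, len);
    buf[len] = '\0';
    return buf;
}

/* Constructed sample messages: a well-formed one, one whose body is shorter
   than its header claims, and one claiming a 4 GiB payload. */
static const uint8_t msg_ok[]        = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t msg_truncated[] = {0, 0, 0, 10, 'a', 'b'};
static const uint8_t msg_huge[]      = {0xFF, 0xFF, 0xFF, 0xFF};

/* Convenience wrapper: the accepted text length, or -1 if rejected. */
long cut_text_len(const uint8_t *msg, size_t msg_len)
{
    char *text = read_cut_text(msg, msg_len);
    if (text == NULL) return -1;
    long n = (long)strlen(text);
    free(text);
    return n;
}
```

The ordering in read_cut_text is the point: the length check comes before malloc(), so a client cannot force the server to attempt a multi-gigabyte allocation, and the presence check comes before memcpy(), so a short message cannot make the server read past the buffer it received.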
Affected products
References
- CVE-2014-6054
- SUSE Bug 897031
Description
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
Affected products
References
- CVE-2014-6055
- SUSE Bug 897031