Description
Security update for LibVNCServer
LibVNCServer was updated to fix two security issues.
These security issues were fixed:
- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711)
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712)
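The two checks these descriptions imply, sketched as an added example (not LibVNCServer's code or its actual patch): a rectangle from a FramebufferUpdate must lie inside the client framebuffer, and a decompressed Ultra tile must never be allowed more bytes than its dimensions imply. The struct, function names and buffer sizes are hypothetical; the 16-bit rectangle fields follow the RFB wire format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rectangle header: x, y, width, height as sent on the wire. */
struct rect { uint16_t x, y, w, h; };

/* True only if the rectangle lies entirely inside a fb_w x fb_h framebuffer.
 * Subtraction is used instead of x + w so the comparison cannot wrap. */
static bool rect_inside(const struct rect *r, uint32_t fb_w, uint32_t fb_h)
{
    return r->x <= fb_w && r->w <= fb_w - r->x &&
           r->y <= fb_h && r->h <= fb_h - r->y;
}

/* Bytes the tile occupies; 64-bit so 65535 * 65535 * 4 cannot overflow. */
static uint64_t tile_bytes(const struct rect *r, uint8_t bytes_per_pixel)
{
    return (uint64_t)r->w * r->h * bytes_per_pixel;
}

/* Largest byte count a decompressor may write for this tile, or 0 to reject
 * the message (out-of-bounds rectangle, tile larger than the destination
 * buffer, or an empty tile). */
static uint64_t decompress_limit(const struct rect *r, uint32_t fb_w,
                                 uint32_t fb_h, uint8_t bytes_per_pixel,
                                 uint64_t buf_capacity)
{
    if (!rect_inside(r, fb_w, fb_h))
        return 0;
    uint64_t need = tile_bytes(r, bytes_per_pixel);
    return need <= buf_capacity ? need : 0;
}

/* After decompression: the produced length must match the tile exactly. */
static bool decompressed_len_ok(uint64_t produced, uint64_t limit)
{
    return limit != 0 && produced == limit;
}

int main(void)
{
    struct rect inside = {10, 10, 100, 50};   /* constructed sample */
    struct rect outside = {750, 10, 100, 50}; /* extends past x = 800 */
    printf("inside limit:  %llu\n", (unsigned long long)
           decompress_limit(&inside, 800, 600, 4, 32768));
    printf("outside limit: %llu\n", (unsigned long long)
           decompress_limit(&outside, 800, 600, 4, 32768));
    return 0;
}
```

The limit returned by `decompress_limit` is meant to be passed to a bounds-checking decompression routine as its output cap, with `decompressed_len_ok` applied to the length it reports.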
Package list
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2017:0104-1
- E-Mail link for SUSE-SU-2017:0104-1
- SUSE Security Ratings
- SUSE Bug 1017711
- SUSE Bug 1017712
- SUSE CVE CVE-2016-9941 page
- SUSE CVE CVE-2016-9942 page
Description
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Affected products
References
- CVE-2016-9941
- SUSE Bug 1017711
- SUSE Bug 1019274
Description
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Affected products
References
- CVE-2016-9942
- SUSE Bug 1017712
- SUSE Bug 1019274