Description
Security update for tigervnc
This update for tigervnc provides the following fixes:
- Prevent malicious server from crashing a server via a buffer overflow, a similar flaw as the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. (bsc#1019274)
- CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failure to establish TLS connection. (bsc#1023012)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
References
- Link for SUSE-SU-2017:0519-1
- E-Mail link for SUSE-SU-2017:0519-1
- SUSE Security Ratings
- SUSE Bug 1019274
- SUSE Bug 1023012
- SUSE CVE CVE-2016-10207 page
- SUSE CVE CVE-2016-9941 page
- SUSE CVE CVE-2016-9942 page
Description
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
Affected products
References
- CVE-2016-10207
- SUSE Bug 1023012
Description
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Affected products
References
- CVE-2016-9941
- SUSE Bug 1017711
- SUSE Bug 1019274
Description
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Affected products
References
- CVE-2016-9942
- SUSE Bug 1017712
- SUSE Bug 1019274
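The two checks whose absence the CVE-2016-9941 and CVE-2016-9942 descriptions above point to (rectangle inside the drawing area, decompressed length matching the tile dimensions), as an added example that is not code from LibVNCServer or TigerVNC. All type and function names are hypothetical, and requiring an exact length match is an assumption that is stricter than the "exceeds" condition in the CVE text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types for illustration; not LibVNCServer's API. */
struct fb   { uint32_t width, height, bytes_per_pixel; };
struct rect { uint16_t x, y, w, h; };  /* RFB rectangle fields are 16-bit */

/* True only if the rectangle lies fully inside the client framebuffer. */
bool rect_in_bounds(const struct fb *fb, const struct rect *r)
{
    /* Widen to 32 bits before adding so x + w and y + h cannot wrap. */
    uint32_t right  = (uint32_t)r->x + r->w;
    uint32_t bottom = (uint32_t)r->y + r->h;
    return right <= fb->width && bottom <= fb->height;
}

/* Byte size of a w x h tile; returns false if it does not fit in size_t. */
bool tile_bytes(const struct fb *fb, const struct rect *r, size_t *out)
{
    /* (2^16-1)^2 * (2^32-1) < 2^64, so the 64-bit product cannot overflow. */
    uint64_t n = (uint64_t)r->w * r->h * fb->bytes_per_pixel;
    if (n > SIZE_MAX)
        return false;
    *out = (size_t)n;
    return true;
}

/*
 * Accept a decompressed tile only if the rectangle is in bounds, the tile
 * fits the destination buffer, and the decompressor produced exactly the
 * number of bytes the tile dimensions call for.
 */
bool tile_payload_ok(const struct fb *fb, const struct rect *r,
                     size_t decompressed_len, size_t buf_capacity)
{
    size_t expected;
    if (!rect_in_bounds(fb, r))
        return false;
    if (!tile_bytes(fb, r, &expected))
        return false;
    if (expected > buf_capacity)
        return false;
    return decompressed_len == expected;
}
```

In a real decoder the expected size would also be passed to the decompressor as its output limit, so an oversized payload is rejected before any byte lands outside the buffer.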