Description
Security update for tigervnc
This update for tigervnc provides the following fixes:
- Prevent a malicious server from crashing a server via a buffer overflow, a flaw similar to the LibVNCServer issues CVE-2016-9941 and CVE-2016-9942. (bsc#1019274)
- CVE-2016-10207: Prevent potential crash due to insufficient clean-up after failure to establish TLS connection. (bsc#1023012)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
References
- Link for SUSE-SU-2017:0622-1
- E-Mail link for SUSE-SU-2017:0622-1
- SUSE Security Ratings
- SUSE Bug 1019274
- SUSE Bug 1023012
- SUSE CVE CVE-2016-10207 page
- SUSE CVE CVE-2016-9941 page
- SUSE CVE CVE-2016-9942 page
Description
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
Affected products
References
- CVE-2016-10207
- SUSE Bug 1023012
Description
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Affected products
References
- CVE-2016-9941
- SUSE Bug 1017711
- SUSE Bug 1019274
Description
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Affected products
References
- CVE-2016-9942
- SUSE Bug 1017712
- SUSE Bug 1019274