Описание
Security update for LibVNCServer
LibVNCServer was updated to fix two security issues.
These security issues were fixed:
- CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493).
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712).
- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711).
Список пакетов
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
Ссылки
- Link for SUSE-SU-2018:0830-1
- E-Mail link for SUSE-SU-2018:0830-1
- SUSE Security Ratings
- SUSE Bug 1017711
- SUSE Bug 1017712
- SUSE Bug 1081493
- SUSE CVE CVE-2016-9941 page
- SUSE CVE CVE-2016-9942 page
- SUSE CVE CVE-2018-7225 page
Описание
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
Затронутые продукты
Ссылки
- CVE-2016-9941
- SUSE Bug 1017711
- SUSE Bug 1019274
Описание
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
Затронутые продукты
Ссылки
- CVE-2016-9942
- SUSE Bug 1017712
- SUSE Bug 1019274
Описание
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Затронутые продукты
Ссылки
- CVE-2018-7225
- SUSE Bug 1081493
- SUSE Bug 1090647