Description
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493).
Package list
SUSE Linux Enterprise Server 11 SP4
LibVNCServer-0.9.1-160.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
LibVNCServer-0.9.1-160.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
LibVNCServer-devel-0.9.1-160.3.1
References
- Link for SUSE-SU-2018:0875-1
- E-Mail link for SUSE-SU-2018:0875-1
- SUSE Security Ratings
- SUSE Bug 1081493
- SUSE CVE CVE-2018-7225 page
Description
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
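The kind of length sanitization the description says was missing, as an added example in C; it is not LibVNCServer's code or its patch. The function names, the 1 MiB cap and the sample messages are assumptions; the 8-byte header (type, padding, big-endian length) is the RFB ClientCutText layout that msg.cct refers to.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define RFB_CLIENT_CUT_TEXT 6    /* ClientCutText message type in RFB */
#define CUT_TEXT_MAX (1u << 20)  /* assumed 1 MiB policy cap */

/* Parse one ClientCutText message held in buf[0..len). Returns a zero-filled,
 * NUL-terminated copy of the text (caller frees) or NULL if rejected. */
char *parse_client_cut_text(const uint8_t *buf, size_t len, uint32_t *out_len)
{
    /* Header: type (1 byte), padding (3), length (4, big-endian). */
    if (!buf || !out_len || len < 8 || buf[0] != RFB_CLIENT_CUT_TEXT)
        return NULL;
    uint32_t n = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                 ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    /* Validate the client-supplied length before any allocation or copy: the
     * cap keeps it valid as an int, and it must be backed by received bytes. */
    if (n > CUT_TEXT_MAX || n > len - 8)
        return NULL;
    /* calloc zero-fills, so stale heap content never reaches the caller. */
    char *text = calloc((size_t)n + 1, 1);
    if (!text)
        return NULL;
    memcpy(text, buf + 8, n);
    *out_len = n;
    return text;
}

/* Constructed sample messages, not captured traffic. */
static const uint8_t MSG_OK[]    = {6, 0, 0, 0, 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
static const uint8_t MSG_SHORT[] = {6, 0, 0, 0, 0, 0, 0, 9, 'h', 'i'};          /* claims 9, carries 2 */
static const uint8_t MSG_HUGE[]  = {6, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 'x'};   /* claims 2^32 - 1 */

/* Returns the accepted text length, or -1 if the message is rejected. */
long cut_text_result(const uint8_t *msg, size_t len)
{
    uint32_t n = 0;
    char *text = parse_client_cut_text(msg, len, &n);
    long result = text ? (long)n : -1;
    free(text);
    return result;
}

int main(void)
{
    return cut_text_result(MSG_OK, sizeof MSG_OK) == 5 ? 0 : 1;
}
```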
Affected products
SUSE Linux Enterprise Server 11 SP4:LibVNCServer-0.9.1-160.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:LibVNCServer-0.9.1-160.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4:LibVNCServer-devel-0.9.1-160.3.1
References
- CVE-2018-7225
- SUSE Bug 1081493
- SUSE Bug 1090647