Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- CVE-2017-18922: Fixed an issue which could have allowed to an attacker to pre-auth overwrite a function pointer which subsequently used leading to potential remote code execution (bsc#1173477).
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP1
libvncserver0-0.9.10-4.19.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
libvncserver0-0.9.10-4.19.1
SUSE Linux Enterprise Workstation Extension 15 SP1
libvncclient0-0.9.10-4.19.1
SUSE Linux Enterprise Workstation Extension 15 SP2
libvncclient0-0.9.10-4.19.1
libvncserver0-0.9.10-4.19.1
Ссылки
- Link for SUSE-SU-2020:1873-1
- E-Mail link for SUSE-SU-2020:1873-1
- SUSE Security Ratings
- SUSE Bug 1173477
- SUSE CVE CVE-2017-18922 page
Описание
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP1:libvncserver0-0.9.10-4.19.1
SUSE Linux Enterprise Module for Package Hub 15 SP2:libvncserver0-0.9.10-4.19.1
SUSE Linux Enterprise Workstation Extension 15 SP1:libvncclient0-0.9.10-4.19.1
SUSE Linux Enterprise Workstation Extension 15 SP2:libvncclient0-0.9.10-4.19.1
Ссылки
- CVE-2017-18922
- SUSE Bug 1173477