Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2015:2207-1

Опубликовано: 04 дек. 2015
Источник: suse-cvrf

Описание

Security update for LibVNCServer

The LibVNCServer package was updated to fix the following security issues:

  • bsc#897031: fix several security issues:
    • CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
    • CVE-2014-6052: Lack of malloc() return value checking on client side.
    • CVE-2014-6053: Server crash on a very large ClientCutText message.
    • CVE-2014-6054: Server crash when scaling factor is set to zero.
    • CVE-2014-6055: Multiple stack overflows in File Transfer feature.
  • bsc#854151: Restrict the SSL cipher suite.

Список пакетов

openSUSE Leap 42.1
LibVNCServer-0.9.9-13.1
LibVNCServer-devel-0.9.9-13.1
libvncclient0-0.9.9-13.1
libvncserver0-0.9.9-13.1
linuxvnc-0.9.9-13.1

Ссылки

Описание

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

Затронутые продукты
openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1
openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1
openSUSE Leap 42.1:libvncclient0-0.9.9-13.1
openSUSE Leap 42.1:libvncserver0-0.9.9-13.1
Ссылки

Описание

The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.

Затронутые продукты
openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1
openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1
openSUSE Leap 42.1:libvncclient0-0.9.9-13.1
openSUSE Leap 42.1:libvncserver0-0.9.9-13.1
Ссылки

Описание

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.

Затронутые продукты
openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1
openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1
openSUSE Leap 42.1:libvncclient0-0.9.9-13.1
openSUSE Leap 42.1:libvncserver0-0.9.9-13.1
Ссылки

Описание

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

Затронутые продукты
openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1
openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1
openSUSE Leap 42.1:libvncclient0-0.9.9-13.1
openSUSE Leap 42.1:libvncserver0-0.9.9-13.1
Ссылки

Описание

Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.

Затронутые продукты
openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1
openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1
openSUSE Leap 42.1:libvncclient0-0.9.9-13.1
openSUSE Leap 42.1:libvncserver0-0.9.9-13.1
Ссылки