Oval Definition:
oval:org.mitre.oval:def:28316
Revision Date
:
2014-12-29
Version
:
8
Title
:
ELSA-2014-1826 -- libvncserver security update (moderate)
Description
:
[0.9.7-7.1]- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157668)- Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup) (bug #1157668)- Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message handling) (bug #1157668)- Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling) (bug #1157668)- Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer handling) (bug #1157668)[0.9.7-7]- Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not vulnerable (bug #696767)[0.9.7-6]- Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767)[0.9.7-5]- Fix CVE-2011-0904 (bug #696767)- Fix CVE-2011-0905 (bug #696767)
Family
:
unix
Class
:
patch
Status
:
ACCEPTED
Reference(s)
:
CVE-2014-6051
CVE-2014-6052
CVE-2014-6053
CVE-2014-6054
CVE-2014-6055
ELSA-2014-1826
Platform(s)
:
Oracle Linux 6
Oracle Linux 7
Product(s)
:
libvncserver
Definition Synopsis
Oracle Linux 6 release section
Oracle Linux 6.x
AND
Packages match section
libvncserver is earlier than 0:0.9.7-7.el6_6.1
OR
libvncserver-devel is earlier than 0:0.9.7-7.el6_6.1
Oracle Linux 7 release section
Oracle Linux 7.x
AND
Packages match section
libvncserver is earlier than 0:0.9.9-9.el7_0.1
OR
libvncserver-devel is earlier than 0:0.9.9-9.el7_0.1
BACK