Revision Date: | 2018-03-27 | Version: | 1 |
Title: | Security update for LibVNCServer (Important) |
Description: |
LibVNCServer was updated to fix two security issues.
These security issues were fixed:
- CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493).
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712).
- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1017711 1017712 1081493 CVE-2016-9941 CVE-2016-9942 CVE-2018-7225 SUSE-SU-2018:0830-1
|
Platform(s): | SUSE Linux Enterprise Server 12 SP3
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information
libvncclient0-0.9.9-17.5.1 is installed
OR libvncserver0-0.9.9-17.5.1 is installed
|