MDVSA-2014:229: libvncserver

Updated libvncserver packages fix security vulnerabilities:

A malicious VNC server can trigger incorrect memory management handling
by advertising a large screen size parameter to the VNC client. This
would result in multiple memory corruptions and could allow remote
code execution on the VNC client (CVE-2014-6051, CVE-2014-6052).

A malicious VNC client can trigger multiple DoS conditions on the VNC
server by advertising a large screen size, ClientCutText message length
and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054).

A malicious VNC client can trigger multiple stack-based buffer
overflows by passing a long file and directory names and/or
attributes (FileTime) when using the file transfer message feature
(CVE-2014-6055).

Additionally libvncserver has been built against the new system
minilzo library which is also being provided with this advisory.

Leave a Reply