openSUSE Leap 42.3: 2018:0851-1 Important LibVNCServer Denial of Service

opensuse

March 30, 2018

An update that fixes three vulnerabilities is now available.

Description

LibVNCServer was updated to fix two security issues.

These security issues were fixed:

- CVE-2018-7225: Missing input sanitization inside rfbserver.c

rfbProcessClientNormalMessage() (bsc#1081493).

- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote

servers to cause a denial of service (application crash) or possibly

execute arbitrary code via a crafted FramebufferUpdate message with the

Ultra type tile, such that the LZO payload decompressed length exceeds

what is specified by the tile dimensions (bsc#1017712).

- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote

servers to cause a denial of service (application crash) or possibly

execute arbitrary code via a crafted FramebufferUpdate message

containing a subrectangle outside of the client drawing area

(bsc#1017711).

This update was imported from the SUSE:SLE-12:Update update project.

Topics Covered

security advisory security update critical heap overflow Denial of Service openSUSE LibVNCServer

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-326=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

LibVNCServer-debugsource-0.9.9-16.3.1

LibVNCServer-devel-0.9.9-16.3.1

libvncclient0-0.9.9-16.3.1

libvncclient0-debuginfo-0.9.9-16.3.1

libvncserver0-0.9.9-16.3.1

libvncserver0-debuginfo-0.9.9-16.3.1

linuxvnc-0.9.9-16.3.1

linuxvnc-debuginfo-0.9.9-16.3.1

References

https://www.suse.com/security/cve/CVE-2016-9941.html

https://www.suse.com/security/cve/CVE-2016-9942.html

https://www.suse.com/security/cve/CVE-2018-7225.html

https://bugzilla.suse.com/1017711

https://bugzilla.suse.com/1017712

https://bugzilla.suse.com/1081493

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: openSUSE-SU-2018:0851-1

Rating: important

Affected Products: openSUSE Leap 42.3

Topics Covered

security advisory security update critical heap overflow Denial of Service openSUSE LibVNCServer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 42.3: 2018:0851-1 Important LibVNCServer Denial of Service

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 42.3: 2018:0851-1 Important LibVNCServer Denial of Service

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!