
SUSE 11-SP4: SUSE-SU-2017:0104-1 Important: LibVNCServer Denial of Service

January 11, 2017
LibVNCServer has released an important update addressing two security vulnerabilities; fixes for SUSE Linux Enterprise 11-SP4 are now available.
An update that fixes two vulnerabilities is now available

Summary

LibVNCServer was updated to fix two security issues.

These security issues were fixed:

- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711)
- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
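The two CVE descriptions above come down to two missing checks in a VNC client: that a rectangle from the server lies inside the client drawing area, and that a decompressed tile is no longer than its dimensions allow. The following is an added example, not LibVNCServer's code or the SUSE patch; `struct rect`, `parse_rect`, `rect_in_bounds` and `tile_len_ok` are hypothetical names, and the header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type for this example; not a LibVNCServer structure. */
struct rect { uint32_t x, y, w, h; };

/* Read one big-endian 16-bit field of an RFB rectangle header. */
static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }

/* Parse x, y, width, height from the first 8 bytes of a rectangle header.
 * Returns 0 on success, -1 if the buffer is too short. */
int parse_rect(const uint8_t *buf, size_t len, struct rect *out)
{
    if (len < 8) return -1;
    out->x = be16(buf);     out->y = be16(buf + 2);
    out->w = be16(buf + 4); out->h = be16(buf + 6);
    return 0;
}

/* 1 if r lies entirely inside a fb_w x fb_h drawing area, else 0.
 * Sums are widened to 64 bits so they cannot wrap. */
int rect_in_bounds(const struct rect *r, uint32_t fb_w, uint32_t fb_h)
{
    return (uint64_t)r->x + r->w <= fb_w && (uint64_t)r->y + r->h <= fb_h;
}

/* 1 if a decompressed payload of out_len bytes fits in the
 * w * h * bytes_per_pixel bytes the tile dimensions allow, else 0.
 * Assumes w and h came from 16-bit wire fields, as parse_rect produces. */
int tile_len_ok(const struct rect *tile, uint32_t bytes_per_pixel, uint64_t out_len)
{
    uint64_t limit = (uint64_t)tile->w * tile->h * bytes_per_pixel;
    return out_len <= limit;
}

int main(void)
{
    /* Constructed header: x=800, y=600, w=100, h=100 on an 800x600 client. */
    const uint8_t hdr[8] = {0x03, 0x20, 0x02, 0x58, 0x00, 0x64, 0x00, 0x64};
    struct rect r;
    if (parse_rect(hdr, sizeof hdr, &r) != 0) return 1;
    printf("rectangle in bounds: %d\n", rect_in_bounds(&r, 800, 600));
    printf("decoded length ok:   %d\n", tile_len_ok(&r, 4, 100u * 100u * 4u + 1u));
    return 0;
}
```

A client would run both checks before writing any pixel data and drop the connection when either returns 0.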

References

#1017711 #1017712

Cross-References: CVE-2016-9941 CVE-2016-9942

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2016-9941.html

https://www.suse.com/security/cve/CVE-2016-9942.html

https://bugzilla.suse.com/1017711

https://bugzilla.suse.com/1017712

Severity
important

Announcement ID: SUSE-SU-2017:0104-1
Rating: important
