Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in LibVNCServer.
Software Description:
- libvncserver: vnc server library
Details:
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the
file transfer feature. A remote attacker...
The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: libvncserver0 0.9.9+dfsg-1ubuntu1.1 Ubuntu 12.04 LTS: libvncserver0 0.9.8.2-2ubuntu1.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-2365-1
CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
CVE-2014-6055
Get the latest Linux and open source security news straight to your inbox.