Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Ubuntu 16.10 USN-3171-1 Moderate: LibVNCServer Denial of Service

ubuntu
Calendar Grey January 11, 2017
Scroller Ubuntu
Recent Ubuntu updates address vulnerabilities in LibVNCServer that posed security concerns. These flaws included potential denial of service attacks and risks of code execution.
Several security issues were fixed in LibVNCServer.

Summary

Several security issues were fixed in LibVNCServer.

Software Description:

- libvncserver: vnc server library

Details:

Josef Gajdusek discovered that the LibVNCServer client library incorrectly

handled certain FrameBufferUpdate messages. If a user were tricked into

connecting to a malicious server, an attacker could use this issue to cause

a denial of service, or possibly execute arbitrary code. (CVE-2016-9941,

CVE-2016-9942)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  libvncclient1                   0.9.10+dfsg-3ubuntu0.16.10.1
  libvncserver1                   0.9.10+dfsg-3ubuntu0.16.10.1

Ubuntu 16.04 LTS:
  libvncclient1                   0.9.10+dfsg-3ubuntu0.16.04.1
  libvncserver1                   0.9.10+dfsg-3ubuntu0.16.04.1

Ubuntu 14.04 LTS:
  libvncserver0                   0.9.9+dfsg-1ubuntu1.2

Ubuntu 12.04 LTS:
  libvncserver0                   0.9.8.2-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3171-1

CVE-2016-9941, CVE-2016-9942

January 11, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.