54 matches found
Remote Code Execution (RCE)
krfb is vulnerable to remote code execution. The vulnerability is possible due to an integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2...
openSUSE Security Update : LibVNCServer (openSUSE-2015-377)
LibVNCServer was updated to version 0.9.10 to fix several security and non-security issues. The following issues were fixed: - Remove xorg-x11-devel from buildRequires, X libraries are not directly used/linked - libvncserver-0.9.10-ossl.patch: Update, do not RAND_load_file("/dev/urandom", 1024) if t...
MGASA-2014-0466 Updated kdenetwork4 packages fix security vulnerabilities in krfb
A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054). A malicious VNC client can trigger multiple stack-based buffer overflows by passing a...
Scientific Linux Security Update : kdenetwork on SL7.x x86_64 (20141111)
A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client. (CVE-2014-6053) A divide-by-zero flaw was found in the way...
CentOS 7 : kdenetwork (CESA-2014:1827)
Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
kdenetwork security update
CentOS Errata and Security Advisory CESA-2014:1827. Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Moderate: Red Hat Security Advisory: kdenetwork security update
Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
MGASA-2014-0432 Updated KDE 4 and related packages move to KDE 4.12.5
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...
Updated KDE 4 and related packages move to KDE 4.12.5
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...
Fedora 19 : krfb-4.11.5-4.fc19 (2014-11464)
security fix, unbundles libvncserver and uses the system libvncserver. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora Update for krfb FEDORA-2014-11464
Check the version of krfb...
[SECURITY] Fedora 19 Update: krfb-4.11.5-4.fc19
Runtime libraries for krfb...
Fedora Update for krfb FEDORA-2014-11448
The remote host is missing an update for the...
[SECURITY] Fedora 20 Update: krfb-4.14.1-1.fc20
Runtime libraries for krfb...
[SECURITY] Fedora 20 Update: kdenetwork-4.14.1-1.fc20
Networking applications, including: kdenetwork-filesharing: Network filesharing; kdnssd: Network Monitor for DNS-SD services (Zeroconf); kget: Download manager; kopete: Chat client; kppp: Dialer and front end for pppd; krdc: Remote desktop client; krfb: Desktop sharing...
FreeBSD : krfb -- Multiple security issues in bundled libvncserver (fb25333d-442f-11e4-98f3-5453ed2e2b49)
Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...
krfb -- Multiple security issues in bundled libvncserver
Martin Sandsmark reports: krfb 4.14 and earlier embeds libvncserver which has had several security issues. Several remotely exploitable security issues have been uncovered in libvncserver, some of which might allow a remote authenticated user code execution or application crashes...
MGASA-2014-0360 Updated kdenetwork4 packages fixes security vulnerability in krfb
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The libvncserver library is built with a bundled copy of minilzo, which is...
Updated kdenetwork4 packages fixes security vulnerability in krfb
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The libvncserver library is built with a bundled copy of minilzo, which is...
[SECURITY] Fedora 19 Update: krfb-4.11.5-3.fc19
Runtime libraries for krfb...