CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets...
gtk-vnc security, bug fix, and enhancement update
0.7.0-2 - Fix reserved data size rhbz 1416783 - Fix inverted args in tests rhbz 1416783 - Avoid sign extension problems rhbz 1416783 - Fix crash with opening via GSocketAddress rhbz 1416783 - Fix crash & error reporting during connection timeout rhbz 1441120 - Fix incompatibility with libvncserve...
[SECURITY] Fedora 26 Update: libvncserver-0.9.11-2.fc26
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
[SECURITY] Fedora 25 Update: libvncserver-0.9.11-2.fc25.1
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
[SECURITY] Fedora 24 Update: libvncserver-0.9.11-2.fc24.1
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
Fedora 24 : libvncserver (2017-dd5d2381e4)
Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
Fedora 25 : libvncserver (2017-0e08170fd3)
Update to latest stable release, include fixes for gnutls and gtk-vnc compatibility. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Update for libvncserver FEDORA-2017-dd5d2381e4
The remote host is missing an update for the...
Fedora Update for libvncserver FEDORA-2017-0e08170fd3
The remote host is missing an update for the...
EulerOS 2.0 SP1 : libvncserver (EulerOS-SA-2017-1046)
According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service...
GLSA-201702-24 : LibVNCServer/LibVNCClient: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201702-24 (LibVNCServer/LibVNCClient: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in LibVNCServer and LibVNCClient. Please review the CVE identifiers referenced below for details. Impact: A remote attack...
LibVNCServer/LibVNCClient: Multiple vulnerabilities
Background: LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program. Description: Multiple vulnerabilities have been discovered in LibVNCServer and LibVNCClient. Please review the CVE identifiers referenced below...
Updated libvncserver packages fix security vulnerability
It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server: A heap-based buffer overflow that allows remote servers to cause a denial of service via a crafted FramebufferUpdate message containing a subrectangle outside of the drawing area...
LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow (CVE-2016-9941)
A heap-based buffer overflow has been reported in LibVNCServer LibVNCClient. The vulnerability is due to improper handling of FramebufferUpdate messages with specially crafted rectangles. A remote attacker could exploit this vulnerability by enticing a user to connect to a malicious VNC server an...
[ASA-201701-20] libvncserver: arbitrary code execution
Arch Linux Security Advisory ASA-201701-20. Severity: Critical; Date: 2017-01-13; CVE-ID: CVE-2016-9941, CVE-2016-9942; Package: libvncserver; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-124. Summary: The...
Ubuntu 14.04 LTS / 16.04 LTS : LibVNCServer vulnerabilities (USN-3171-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3171-1 advisory. Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked...
SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2017:0104-1)
LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message...
Ubuntu: Security Advisory (USN-3171-1)
The remote host is missing an update for the...
USN-3171-1: LibVNCServer vulnerabilities
Josef Gajdusek discovered that the LibVNCServer client library incorrectly handled certain FrameBufferUpdate messages. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2016-9941,...