LibVNCServer: Multiple vulnerabilities
Background: LibVNCServer is a cross-platform C library that allows you to easily implement VNC server functionality in your program. Description: Multiple vulnerabilities have been discovered in LibVNCServer. Please review the CVE identifiers referenced below for details. Impact: A remote attacker m...
openSUSE Security Update : LibVNCServer (openSUSE-2015-377)
LibVNCServer was updated to version 0.9.10 to fix several security and non-security issues. The following issues were fixed: - Remove xorg-x11-devel from buildRequires, X libraries are not directly used/linked - libvncserver-0.9.10-ossl.patch: Update, do not RAND_load_file("/dev/urandom", 1024) if t...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
The multiple vulnerabilities in the libvncserver package up to version 0.8.2 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Debian DLA-197-1 : libvncserver security update
Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side. For the oldstable distribution (squeeze), these problems...
[SECURITY] [DLA 197-1] libvncserver security update
Package: libvncserver; Version: 0.9.7-2+deb6u1; CVE ID: CVE-2014-6051 CVE-2014-6052 CVE-2014-6053 CVE-2014-6054 CVE-2014-6055; Debian Bug: 762745. Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in t...
DLA-197-1 libvncserver - security update
Bulletin has no description...
Mandriva Linux Security Advisory : libvncserver (MDVSA-2015:146)
Updated libvncserver packages fix security vulnerabilities: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The...
RHEL 6 : libvncserver (RHSA-2015:0113)
Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client...
Moderate: Red Hat Security Advisory: libvncserver security update
Updated libvncserver packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
CVE-2014-6053
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted...
CVE-2014-6052
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a 1...
Design/Logic Flaw
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted...
CVE-2014-6052
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a 1...
CVE-2014-6052
CVE-2014-6052 affects LibVNCServer (0.9.9 and earlier) where LibVNCClient’s HandleRFBServerMessage in libvncclient/rfbproto.c fails to validate certain malloc return values. This can allow a remote VNC server to trigger a denial of service (application crash) or potentially execute arbitrary code...
CVE-2014-6053
The CVE-2014-6053 issue affects LibVNCServer up to version 0.9.9, where rfbProcessClientNormalMessage does not properly handle large ClientCutText data, enabling a remote attacker to cause a denial of service via a crafted message processed by a single unchecked malloc. Connected sources (Astra L...
CVE-2014-6052
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a 1...
CVE-2014-6053
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted...
Debian DSA-3081-1 : libvncserver - security update
Several vulnerabilities have been discovered in libvncserver, a library to implement VNC server functionality. These vulnerabilities might result in the execution of arbitrary code or denial of service in both the client and the server side.
[SECURITY] [DSA 3081-1] libvncserver security update
Debian Security Advisory DSA-3081-1 [email protected] http://www.debian.org/security/ Luciano Bello November 29, 2014 http://www.debian.org/security/faq ...