736 matches found
libvncserver security update
CentOS Errata and Security Advisory CESA-2014:1826. Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) ba...
libvncserver: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client...
libvncserver: NULL pointer dereference flaw in framebuffer setup
A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash...
Moderate: Red Hat Security Advisory: libvncserver security update
Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, ar...
libvncserver security update
0.9.7-7.1: Fix CVE-2014-6051 integer overflow in screen size handling (bug 1157668); Fix CVE-2014-6052 NULL pointer dereference in framebuffer setup (bug 1157668); Fix CVE-2014-6053 NULL pointer dereference in ClientCutText message handling (bug 1157668); Fix CVE-2014-6054 server divide-by-zero in...
LibVNCServer scale.c rfbSendNewScaleSize Use After Free
A use-after-free vulnerability has been found in LibVNCServer. The vulnerability is due to an issue with processing wrt scaling messages. A remote attacker can exploit this vulnerability by sending a wrt scaling message and terminating the connection before receiving server's response. Successful...
Updated KDE 4 and related packages move to KDE 4.12.5
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities: KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494, mga13545); KAuth PID Reuse...
LibVNCServer rfbProcessClientNormalMessage msg.ssc.scale Divide by Zero Denial of Service (CVE-2014-6054)
A denial of service vulnerability exists in LibVNCServer. The vulnerability is due to a division by zero when processing an rfbSetScale message. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted RFB message to the server...
Fedora 19 : krfb-4.11.5-4.fc19 (2014-11464)
Security fix; unbundles libvncserver and uses the system libvncserver. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Updated libvncserver & remmina packages fix security vulnerabilities
Updated libvncserver and remmina packages fix security vulnerabilities: A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on...
DEBIAN-CVE-2014-6054
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message...
Denial of service
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message...
CVE-2014-6054
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message...
CVE-2014-6054
CVE-2014-6054 affects LibVNCServer: rfbProcessClientNormalMessage handles the scaling factor and can crash the server via a division-by-zero when the factor is 0. This is a remote-denial-of-service condition. Connected advisories (Debian, CentOS/RHEL, Mageia, Arch Linux, Gentoo) report fixes via ...
CVE-2014-6054
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message...
Fedora 19 : libvncserver-0.9.10-0.6.20140718git9453be42.fc19 (2014-11541)
Various security fixes, including CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as mu...
[SECURITY] Fedora 19 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc19
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
Fedora Update for libvncserver FEDORA-2014-11541
Check the version of libvncserver
[SECURITY] Fedora 21 Update: libvncserver-0.9.10-0.6.20140718git9453be42.fc21
LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata...
Fedora Update for libvncserver FEDORA-2014-11537
The remote host is missing an update for the...