Lucene search

K
suseSuseSUSE-SU-2017:0104-1
HistoryJan 11, 2017 - 2:08 p.m.

Security update for LibVNCServer (important)

2017-01-1114:08:29
lists.opensuse.org
18

EPSS

0.012

Percentile

85.5%

LibVNCServer was updated to fix two security issues.

These security issues were fixed:

  • CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote
    servers to cause a denial of service (application crash) or possibly
    execute arbitrary code via a crafted FramebufferUpdate message
    containing a subrectangle outside of the client drawing area
    (bsc#1017711)
  • CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote
    servers to cause a denial of service (application crash) or possibly
    execute arbitrary code via a crafted FramebufferUpdate message with the
    Ultra type tile, such that the LZO payload decompressed length exceeds
    what is specified by the tile dimensions (bsc#1017712)