Updated libvncserver & remmina packages fix security vulnerabilities
Publication date: 07 Oct 2014Modification date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6051 , CVE-2014-6052 , CVE-2014-6053 , CVE-2014-6054 , CVE-2014-6055
Description
Updated libvncserver and remmina packages fix security vulnerabilities: A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client (CVE-2014-6051, CVE-2014-6052). A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054). A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes (FileTime) when using the file transfer message feature (CVE-2014-6055). The remmina package had been built with a bundled copy of libvncserver. It has been rebuilt against the system libvncserver library to resolve these issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=14155
- http://www.ocert.org/advisories/ocert-2014-007.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055
SRPMS
4/core
- libvncserver-0.9.9-3.2.mga4
- remmina-1.0.0-4.4.mga4
3/core
- libvncserver-0.9.9-2.2.mga3
- remmina-1.0.0-3.2.mga3