Advisories ยป MGASA-2014-0397

Updated libvncserver & remmina packages fix security vulnerabilities

Publication date: 07 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6051 , CVE-2014-6052 , CVE-2014-6053 , CVE-2014-6054 , CVE-2014-6055

Description

Updated libvncserver and remmina packages fix security vulnerabilities:

A malicious VNC server can trigger incorrect memory management handling by
advertising a large screen size parameter to the VNC client. This would result
in multiple memory corruptions and could allow remote code execution on the
VNC client (CVE-2014-6051, CVE-2014-6052).

A malicious VNC client can trigger multiple DoS conditions on the VNC server
by advertising a large screen size, ClientCutText message length and/or a zero
scaling factor parameter (CVE-2014-6053, CVE-2014-6054).

A malicious VNC client can trigger multiple stack-based buffer overflows by
passing a long file and directory names and/or attributes (FileTime) when
using the file transfer message feature (CVE-2014-6055).

The remmina package had been built with a bundled copy of libvncserver.  It
has been rebuilt against the system libvncserver library to resolve these
issues.
                

References

SRPMS

3/core

4/core