Advisories ยป MGASA-2017-0027

Updated libvncserver packages fix security vulnerability

Publication date: 27 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9941 , CVE-2016-9942

Description

It was discovered that there were two vulnerabilities in libvncserver, a
library to create/embed a VNC server:

A heap-based buffer overflow that allows remote servers to cause a
denial of service via a crafted FramebufferUpdate message containing a
subrectangle outside of the drawing area (CVE-2016-9941).

A heap-based buffer overflow that allow remote servers to cause a denial
of service via a crafted FramebufferUpdate message with the "Ultra" type
tile such that the LZO decompressed payload exceeds the size of the tile
dimensions (CVE-2016-9942).
                

References

SRPMS

5/core