Updated libvncserver packages fix security vulnerabilityPublication date: 27 Jan 2017
Affected Mageia releases : 5
CVE: CVE-2016-9941 , CVE-2016-9942
It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server: A heap-based buffer overflow that allows remote servers to cause a denial of service via a crafted FramebufferUpdate message containing a subrectangle outside of the drawing area (CVE-2016-9941). A heap-based buffer overflow that allow remote servers to cause a denial of service via a crafted FramebufferUpdate message with the "Ultra" type tile such that the LZO decompressed payload exceeds the size of the tile dimensions (CVE-2016-9942).