Security update for LibVNCServer SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2207-1 Final 1 1 2015-12-04T10:37:50Z current 2015-12-04T10:37:50Z 2015-12-04T10:37:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for LibVNCServer The LibVNCServer package was updated to fix the following security issues: - bsc#897031: fix several security issues: * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side. * CVE-2014-6052: Lack of malloc() return value checking on client side. * CVE-2014-6053: Server crash on a very large ClientCutText message. * CVE-2014-6054: Server crash when scaling factor is set to zero. * CVE-2014-6055: Multiple stack overflows in File Transfer feature. - bsc#854151: Restrict the SSL cipher suite. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html E-Mail link for openSUSE-SU-2015:2207-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 LibVNCServer-0.9.9-13.1 LibVNCServer-devel-0.9.9-13.1 libvncclient0-0.9.9-13.1 libvncserver0-0.9.9-13.1 linuxvnc-0.9.9-13.1 LibVNCServer-0.9.9-13.1 as a component of openSUSE Leap 42.1 LibVNCServer-devel-0.9.9-13.1 as a component of openSUSE Leap 42.1 libvncclient0-0.9.9-13.1 as a component of openSUSE Leap 42.1 libvncserver0-0.9.9-13.1 as a component of openSUSE Leap 42.1 linuxvnc-0.9.9-13.1 as a component of openSUSE Leap 42.1 Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow. CVE-2014-6051 openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1 openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1 openSUSE Leap 42.1:libvncclient0-0.9.9-13.1 openSUSE Leap 42.1:libvncserver0-0.9.9-13.1 openSUSE Leap 42.1:linuxvnc-0.9.9-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html https://www.suse.com/security/cve/CVE-2014-6051.html CVE-2014-6051 https://bugzilla.suse.com/897031 SUSE Bug 897031 https://bugzilla.suse.com/900896 SUSE Bug 900896 The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message. CVE-2014-6052 openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1 openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1 openSUSE Leap 42.1:libvncclient0-0.9.9-13.1 openSUSE Leap 42.1:libvncserver0-0.9.9-13.1 openSUSE Leap 42.1:linuxvnc-0.9.9-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html https://www.suse.com/security/cve/CVE-2014-6052.html CVE-2014-6052 https://bugzilla.suse.com/897031 SUSE Bug 897031 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc. CVE-2014-6053 openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1 openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1 openSUSE Leap 42.1:libvncclient0-0.9.9-13.1 openSUSE Leap 42.1:libvncserver0-0.9.9-13.1 openSUSE Leap 42.1:linuxvnc-0.9.9-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html https://www.suse.com/security/cve/CVE-2014-6053.html CVE-2014-6053 https://bugzilla.suse.com/897031 SUSE Bug 897031 The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message. CVE-2014-6054 openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1 openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1 openSUSE Leap 42.1:libvncclient0-0.9.9-13.1 openSUSE Leap 42.1:libvncserver0-0.9.9-13.1 openSUSE Leap 42.1:linuxvnc-0.9.9-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html https://www.suse.com/security/cve/CVE-2014-6054.html CVE-2014-6054 https://bugzilla.suse.com/897031 SUSE Bug 897031 Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message. CVE-2014-6055 openSUSE Leap 42.1:LibVNCServer-0.9.9-13.1 openSUSE Leap 42.1:LibVNCServer-devel-0.9.9-13.1 openSUSE Leap 42.1:libvncclient0-0.9.9-13.1 openSUSE Leap 42.1:libvncserver0-0.9.9-13.1 openSUSE Leap 42.1:linuxvnc-0.9.9-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html https://www.suse.com/security/cve/CVE-2014-6055.html CVE-2014-6055 https://bugzilla.suse.com/897031 SUSE Bug 897031