Security update for LibVNCServer SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0851-1 Final 1 1 2018-03-29T16:32:50Z current 2018-03-29T16:32:50Z 2018-03-29T16:32:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for LibVNCServer LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712). - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html E-Mail link for openSUSE-SU-2018:0851-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 LibVNCServer-0.9.9-16.3.1 LibVNCServer-devel-0.9.9-16.3.1 libvncclient0-0.9.9-16.3.1 libvncserver0-0.9.9-16.3.1 linuxvnc-0.9.9-16.3.1 LibVNCServer-0.9.9-16.3.1 as a component of openSUSE Leap 42.3 LibVNCServer-devel-0.9.9-16.3.1 as a component of openSUSE Leap 42.3 libvncclient0-0.9.9-16.3.1 as a component of openSUSE Leap 42.3 libvncserver0-0.9.9-16.3.1 as a component of openSUSE Leap 42.3 linuxvnc-0.9.9-16.3.1 as a component of openSUSE Leap 42.3 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. CVE-2016-9941 openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1 openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1 openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1 openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1 openSUSE Leap 42.3:linuxvnc-0.9.9-16.3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html https://www.suse.com/security/cve/CVE-2016-9941.html CVE-2016-9941 https://bugzilla.suse.com/1017711 SUSE Bug 1017711 https://bugzilla.suse.com/1019274 SUSE Bug 1019274 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. CVE-2016-9942 openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1 openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1 openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1 openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1 openSUSE Leap 42.3:linuxvnc-0.9.9-16.3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html https://www.suse.com/security/cve/CVE-2016-9942.html CVE-2016-9942 https://bugzilla.suse.com/1017712 SUSE Bug 1017712 https://bugzilla.suse.com/1019274 SUSE Bug 1019274 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. CVE-2018-7225 openSUSE Leap 42.3:LibVNCServer-0.9.9-16.3.1 openSUSE Leap 42.3:LibVNCServer-devel-0.9.9-16.3.1 openSUSE Leap 42.3:libvncclient0-0.9.9-16.3.1 openSUSE Leap 42.3:libvncserver0-0.9.9-16.3.1 openSUSE Leap 42.3:linuxvnc-0.9.9-16.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-03/msg00073.html https://www.suse.com/security/cve/CVE-2018-7225.html CVE-2018-7225 https://bugzilla.suse.com/1081493 SUSE Bug 1081493 https://bugzilla.suse.com/1090647 SUSE Bug 1090647