Bug 47293 - libvncserver: Multiple issues (4.3)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.3
All Linux
P3 normal
UCS 4.3-1-errata
Assigned To: Quality Assurance
Philipp Hahn
Reported: 2018-07-03 14:13 CEST by Philipp Hahn
Modified: 2018-07-04 14:54 CEST
What kind of report is it?: Security Issue
Max CVSS v3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L)

Description Philipp Hahn univentionstaff 2018-07-03 14:13:38 CEST
New Debian libvncserver 0.9.11+dfsg-1+deb9u1 fixes:
This update addresses the following issue(s):
* An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. (CVE-2018-7225)

0.9.11+dfsg-1+deb9u1 (Tue, 05 Jun 2018 14:43:47 +0200)
  * Non-maintainer upload.
  * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be
    accessed by remote attackers because the msg.cct.length in rfbserver.c was
    not sanitized.
* CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
Comment 1 Philipp Hahn univentionstaff 2018-07-03 16:38:59 CEST
[4.3-1] c97737f1df Bug #47293: libvncserver 0.9.11+dfsg-1+deb9u1
 doc/errata/staging/libvncserver.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

<http://10.200.17.11/4.3-1/#3280082352749065397>
Comment 3 Arvid Requate univentionstaff 2018-07-04 14:54:07 CEST
<http://errata.software-univention.de/ucs/4.3/134.html>