Univention Bugzilla – Bug 47293
libvncserver: Multiple issues (4.3)
Last modified: 2018-07-04 14:54:07 CEST
New Debian libvncserver 0.9.11+dfsg-1+deb9u1 fixes: This update addresses the following issue(s): * This update addresses the following issue(s): * * An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. (CVE-2018-7225) 0.9.11+dfsg-1+deb9u1 (Tue, 05 Jun 2018 14:43:47 +0200) * Non-maintainer upload. * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. * CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
[4.3-1] c97737f1df Bug #47293: libvncserver 0.9.11+dfsg-1+deb9u1 doc/errata/staging/libvncserver.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) <http://10.200.17.11/4.3-1/#3280082352749065397>
<http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-1/job/ErrataValidation/233/console> OK: Jenkins <http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-1/job/AutotestJoin/lastCompletedBuild/testReport/>
<http://errata.software-univention.de/ucs/4.3/134.html>