Univention Bugzilla – Bug 47546
libvncserver: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:39 CEST
New Debian libvncserver 0.9.9+dfsg2-6.1+deb8u3 fixes: This update addresses the following issue(s): * * An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. (CVE-2018-7225) 0.9.9+dfsg2-6.1+deb8u3 (Tue, 05 Jun 2018 14:05:57 +0200) * Non-maintainer upload. * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. * CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
--- mirror/ftp/4.2/unmaintained/4.2-0/source/libvncserver_0.9.9+dfsg2-6.1+deb8u2.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/libvncserver_0.9.9+dfsg2-6.1+deb8u3.dsc @@ -1,3 +1,10 @@ +0.9.9+dfsg2-6.1+deb8u3 [Tue, 05 Jun 2018 14:05:57 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload. + * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be + accessed by remote attackers because the msg.cct.length in rfbserver.c was + not sanitized. (Closes: #894045) + 0.9.9+dfsg2-6.1+deb8u2 [Tue, 03 Jan 2017 09:41:51 +0100] Peter Spiess-Knafl <dev@spiessknafl.at>: * CVE-2016-9941 (Closes: #850007) <http://10.200.17.11/4.2-4/#6773918246536118581>
OK: patch OK: piuparts OK: errata-announce OK: yaml [4.2-4] eeca186394 Bug #47546: libvncserver 0.9.9+dfsg2-6.1+deb8u3 doc/errata/staging/libvncserver.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) [4.2-4] 79c3e379e1 Bug #47546: libvncserver 0.9.9+dfsg2-6.1+deb8u3 doc/errata/staging/libvncserver.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.2/465.html>