Bug 47293
| Summary: | libvncserver: Multiple issues (4.3) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Philipp Hahn <hahn> |
| Component: | Security updates | Assignee: | Quality Assurance <qa> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | ||
| Priority: | P3 | ||
| Version: | UCS 4.3 | ||
| Target Milestone: | UCS 4.3-1-errata | ||
| Hardware: | All | ||
| OS: | Linux | ||
| What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L) | ||
[4.3-1] c97737f1df Bug #47293: libvncserver 0.9.11+dfsg-1+deb9u1 doc/errata/staging/libvncserver.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) <http://10.200.17.11/4.3-1/#3280082352749065397> <http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-1/job/ErrataValidation/233/console> OK: Jenkins <http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-1/job/AutotestJoin/lastCompletedBuild/testReport/> |
New Debian libvncserver 0.9.11+dfsg-1+deb9u1 fixes: This update addresses the following issue(s): * This update addresses the following issue(s): * * An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. (CVE-2018-7225) 0.9.11+dfsg-1+deb9u1 (Tue, 05 Jun 2018 14:43:47 +0200) * Non-maintainer upload. * Fix CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. * CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)