MGASA-2017-0027

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0027.html

Import Source

https://advisories.mageia.org/MGASA-2017-0027.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0027

Related

Published

2017-01-27T20:30:52Z

Modified

2017-01-27T20:20:14Z

Summary

Updated libvncserver packages fix security vulnerability

Details

It was discovered that there were two vulnerabilities in libvncserver, a library to create/embed a VNC server:

A heap-based buffer overflow that allows remote servers to cause a denial of service via a crafted FramebufferUpdate message containing a subrectangle outside of the drawing area (CVE-2016-9941).

A heap-based buffer overflow that allow remote servers to cause a denial of service via a crafted FramebufferUpdate message with the "Ultra" type tile such that the LZO decompressed payload exceeds the size of the tile dimensions (CVE-2016-9942).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0027

Affected packages