libvncserver-0.9.9-14.el7.1
エラータID: AXSA:2020-251:02
Release date:
Tuesday, August 4, 2020 - 04:12
Subject:
libvncserver-0.9.9-14.el7.1
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.
Security Fix(es):
* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Solution:
Update packages.
CVEs:
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Additional Info:
N/A
Download:
SRPMS
- libvncserver-0.9.9-14.el7.1.src.rpm
MD5: 4d2102d4727240b79e1cbbf0a3cd9067
SHA-256: 9740a878040513597c4f5a38372181ca11a40277f1b557141c39f44587b9d04b
Size: 1.63 MB
Asianux Server 7 for x86_64
- libvncserver-0.9.9-14.el7.1.x86_64.rpm
MD5: c2c1afc6099778385b70604f20e55096
SHA-256: 6874bd21ce5f9bb7fd7d85c1658c5a5ae1a41273af86e2fe3ed770fb49bb963f
Size: 234.67 kB - libvncserver-0.9.9-14.el7.1.i686.rpm
MD5: ffc593fe23375fd7f1fe966c38ade75e
SHA-256: 61397a780ad5606848f268a51f2b4c5a0a8127c3d978ff865a4e457aabda7143
Size: 230.40 kB
日本語