libvncserver-0.9.11-15.el8.1
エラータID: AXSA:2020-527:03
Release date:
Monday, September 28, 2020 - 08:56
Subject:
libvncserver-0.9.11-15.el8.1
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
LibVNCServer is a C library that enables you to implement VNC server functionality into own programs.
Security Fix(es):
* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Solution:
Update packages.
CVEs:
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Additional Info:
N/A
Download:
SRPMS
- libvncserver-0.9.11-15.el8.1.src.rpm
MD5: eea9acbbd4750e8b5bda0cb24e4e2970
SHA-256: 07946ddb642ce37b901ece2ed3dfa9af7161009eafa1e648419b1e197db52f13
Size: 1.38 MB
Asianux Server 8 for x86_64
- libvncserver-0.9.11-15.el8.1.x86_64.rpm
MD5: 6a1bd7b60f35f7f6dfb9784c53d30de5
SHA-256: e861e1e266a358434aa75f8de267d6cb82c72e5384cbb59e66d4fbdb886c4175
Size: 274.76 kB - libvncserver-0.9.11-15.el8.1.i686.rpm
MD5: 57382ccdf1e06d5b46cf5ed2368553dd
SHA-256: 2a341147734669d2e0c50e2a2584fe524e8424781a5f426f1a190b5b7244b5b3
Size: 285.00 kB