libvncserver-0.9.9-12.el7

Errata ID: AXSA:2018-2817:02

Release date: 
Tuesday, April 17, 2018 - 12:39
Subject: 
libvncserver-0.9.9-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libvncserver-0.9.9-12.el7.src.rpm
    MD5: 68d0aef5d6ac4b7fa647e12256703bf8
    SHA-256: c2cdbfe37b7bff144c35c95928d5ac91bda51679c398b846753b5dfed3345086
    Size: 1.62 MB

Asianux Server 7 for x86_64
  1. libvncserver-0.9.9-12.el7.x86_64.rpm
    MD5: 55400b3c4a145c3ec19ff41b9a206ecf
    SHA-256: c7feaf06e5bf2a0aaefaad4b0689de7d1f310aa586e0f724c0a710b58a8375b7
    Size: 232.57 kB
  2. libvncserver-0.9.9-12.el7.i686.rpm
    MD5: d1b029866b536d1ee7cf59457f200f2b
    SHA-256: e960e8711b0faf946b85d30a6fded4d838b859baea29f68f6da7efbc05579384
    Size: 228.60 kB