Ubuntu Security Notice USN-2365-1

Ubuntu Security Notice USN-2365-1: Posted Sep 30, 2014; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2365-1 - Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. Various other issues were also addressed.; tags | advisory, remote, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055; SHA-256 | 1012981752e63e94c1b4254f2082d30c69adc29f080cd07e6da7f2ca9de5b136; Download | Favorite | View

Ubuntu Security Notice USN-2365-1

============================================================================
Ubuntu Security Notice USN-2365-1
September 29, 2014

libvncserver vulnerabilities
============================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in LibVNCServer.

Software Description:
- libvncserver: vnc server library

Details:

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when
being advertised large screen sizes by the server. If a user were tricked
into connecting to a malicious server, an attacker could use this issue to
cause a denial of service, or possibly execute arbitrary code.
(CVE-2014-6051, CVE-2014-6052)

Nicolas Ruff discovered that LibVNCServer incorrectly handled large
ClientCutText messages. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service. (CVE-2014-6053)

Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling
factor values. A remote attacker could use this issue to cause a server to
crash, resulting in a denial of service. (CVE-2014-6054)

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the
file transfer feature. A remote attacker could use this issue to cause a
server to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2014-6055)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  libvncserver0                   0.9.9+dfsg-1ubuntu1.1

Ubuntu 12.04 LTS:
  libvncserver0                   0.9.8.2-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  http://www.ubuntu.com/usn/usn-2365-1
  CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054,
  CVE-2014-6055

Package Information:
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/libvncserver/0.9.8.2-2ubuntu1.1

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Ubuntu Security Notice USN-2365-1

Ubuntu Security Notice USN-2365-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ubuntu Security Notice USN-2365-1

Share This

Ubuntu Security Notice USN-2365-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems