drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in LibVNCServer
Name: |
Mehrere Probleme in LibVNCServer |
|
ID: |
USN-2365-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Mo, 29. September 2014, 23:19 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055 |
|
Applikationen: |
LibVNCServer |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============4302293792894971377== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="kV8Nl5TCoS2w8VW5uwNDsXn9duJCNEj64"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --kV8Nl5TCoS2w8VW5uwNDsXn9duJCNEj64 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2365-1 September 29, 2014
libvncserver vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in LibVNCServer.
Software Description: - libvncserver: vnc server library
Details:
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052)
Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6053)
Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling factor values. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6054)
Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the file transfer feature. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6055)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libvncserver0 0.9.9+dfsg-1ubuntu1.1
Ubuntu 12.04 LTS: libvncserver0 0.9.8.2-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2365-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
Package Information: https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.1 https://launchpad.net/ubuntu/+source/libvncserver/0.9.8.2-2ubuntu1.1
--kV8Nl5TCoS2w8VW5uwNDsXn9duJCNEj64 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJUKZMbAAoJEGVp2FWnRL6TxSgQAJxX2Qrsr905Gcv8A9+Fxusb uBAXMXV7HCtjEIwWI9GjREvUqhEWAFYP0ojqxL1/iCUlMFdGreRh0rhiylU2R61X ZCT2IQGFXiMWunJtm/iNz0CQDZg36taVB4Qpkt2EZ1bDv5eM8BbnjY9QxxpCDwzc z87gN/e38ivFXbqzyQDa5WJhTOh0PCqXKmCHIpRxQXV7zl0OC8y2e2B3HwT4ByJX 21kJsMxaNy3kcvTz5T+dhcri0Bm1kWsPHy1UieZvSeqnQTV3EODTeV0VOCN2qkN1 eb1nA/XL3frHErU1yJCsEO/T06NBmfVAj+FfIkFkq4+79bT8rdbCHRNsO4zknDQl 1/N2AlL9NxPAndlHNE5+NipLbqVAWoYNjnQdgQ5QlJio+f9Ap1cvK2Jw6ssACKVc 90qFGW1caHUT/xekEEkan6ZbpGSp1rRYhmlT9VcYJO0pe5Yesc55ex72OWvsAWN3 7owno60RxYtrmzsRtfujdR7lFUmZqTKciHvTPfGa5WKx4oGx641ZN+KuVmjZaLEG mzQHY5wde1YjeSE/QbFdw1rLxWBcubLk5AU927ynAubZoTFHIGMTyXAYKg735PvI ZPhaIr6OREcJDJIgGgtvcArMWemQ+Q6rtywJMNMuxjOEMybI+G5emhoaoXBfoK8a YEouByk6ZqjnjV1EgKpn =NjKI -----END PGP SIGNATURE-----
--kV8Nl5TCoS2w8VW5uwNDsXn9duJCNEj64--
--===============4302293792894971377== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4302293792894971377==--
|
|
|
|