Mangelnde Eingabeprüfung in LibVNCServer
ID: | FEDORA-2018-390001d1c7 |
Distribution: | Fedora |
Plattformen: | Fedora 28 |
Datum: | Fr, 30. März 2018, 22:01 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225 |
Applikationen: | LibVNCServer |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2018-390001d1c7 2018-03-30 12:38:03.494044 -------------------------------------------------------------------------------- Name : libvncserver Product : Fedora 28 Version : 0.9.11 Release : 6.fc28 URL : http://libvnc.github.io/ Summary : Library to make writing a VNC server easy Description : LibVNCServer makes writing a VNC server (or more correctly, a program exporting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression schemata. -------------------------------------------------------------------------------- Update Information: This release fixes a possible sensitive data leak and a memory exhaustion when handling ClientTextCut messages of the RFB protocol. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1546858 - CVE-2018-7225 libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c https://bugzilla.redhat.com/show_bug.cgi?id=1546858 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade libvncserver' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |