blob: fea0f2f02c220e96849de8d07771e9ee1cfb3a51 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>It was discovered that there were two vulnerabilities in libvncserver, a
library to create/embed a VNC server:</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9941">CVE-2016-9941</a>
<p>Fix a heap-based buffer overflow that allows remote servers
to cause a denial of service via a crafted FramebufferUpdate message
containing a subrectangle outside of the drawing area.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2016-9942">CVE-2016-9942</a>
<p>Fix a heap-based buffer overflow that allow remote servers
to cause a denial of service via a crafted FramebufferUpdate message with
the <q>Ultra</q> type tile such that the LZO decompressed payload exceeds the
size of the tile dimensions.</p></li>
</ul>
<p>For Debian 7 <q>Wheezy</q>, these issues have been fixed in libvncserver version
0.9.9+dfsg-1+deb7u2.</p>
<p>We recommend that you upgrade your libvncserver packages.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2017/dla-777.data"
# $Id: $
|