SUSE-SU-2015:2088-2
- Source
- https://www.suse.com/support/update/announcement/2015/suse-su-20152088-2/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:2088-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:2088-2
- Related
- Published
- 2015-12-30T13:04:00Z
- Modified
- 2015-12-30T13:04:00Z
- Summary
- Security update for LibVNCServer
- Details
-
The LibVNCServer package was updated to fix the following security issues:
- bsc#897031: fix several security issues:
- CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
- CVE-2014-6052: Lack of malloc() return value checking on client side.
- CVE-2014-6053: Server crash on a very large ClientCutText message.
- CVE-2014-6054: Server crash when scaling factor is set to zero.
- CVE-2014-6055: Multiple stack overflows in File Transfer feature.
- bsc#854151: Restrict the SSL cipher suite.
- bsc#897031: fix several security issues:
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20152088-2/
- https://bugzilla.suse.com/854151
- https://bugzilla.suse.com/897031
- https://www.suse.com/security/cve/CVE-2014-6051
- https://www.suse.com/security/cve/CVE-2014-6052
- https://www.suse.com/security/cve/CVE-2014-6053
- https://www.suse.com/security/cve/CVE-2014-6054
- https://www.suse.com/security/cve/CVE-2014-6055
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP1 / LibVNCServer
Package
- Name
- LibVNCServer
- Purl
- pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
SUSE:Linux Enterprise Server 12 SP1 / LibVNCServer
Package
- Name
- LibVNCServer
- Purl
- pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1