-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:146 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : libvncserver Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated libvncserver packages fix security vulnerabilities: An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker (CVE-2014-4607). The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client (CVE-2014-6051, CVE-2014-6052). A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054). A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes (FileTime) when using the file transfer message feature (CVE-2014-6055). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6055 http://advisories.mageia.org/MGASA-2014-0356.html http://advisories.mageia.org/MGASA-2014-0397.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 03972a91ec4c545d7adb31a70052b1da mbs2/x86_64/lib64vncserver0-0.9.9-4.1.mbs2.x86_64.rpm 1fa18e6e4fab02a75801ce5e1807ac48 mbs2/x86_64/lib64vncserver-devel-0.9.9-4.1.mbs2.x86_64.rpm 5a483661e96bc38566760b28f5c3a8f1 mbs2/x86_64/linuxvnc-0.9.9-4.1.mbs2.x86_64.rpm e65eba74f16605cbe40b899ef3ff62af mbs2/SRPMS/libvncserver-0.9.9-4.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF9eHmqjQ0CJFipgRAg/fAKCru327MZS4YBPejPDIWbMrwXrJHwCfSP+X w9mSAA3hc8P7f31m7UgmjeM= =BRU7 -----END PGP SIGNATURE-----