Overview

File _patchinfo of Package patchinfo.1485

<patchinfo incident="1485">
  <issue id="854151" tracker="bnc">AUDIT-0: LibVNCServer:insecure openssl cipher suite</issue>
  <issue id="897031" tracker="bnc">VUL-0: libvncserver / other vnc implementation: various issues</issue>
  <issue id="CVE-2014-6051" tracker="cve" />
  <issue id="CVE-2014-6053" tracker="cve" />
  <issue id="CVE-2014-6052" tracker="cve" />
  <issue id="CVE-2014-6055" tracker="cve" />
  <issue id="CVE-2014-6054" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>rmax</packager>
  <description>The LibVNCServer package was updated to fix the following security issues:

- bsc#897031: fix several security issues:
  * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.
  * CVE-2014-6052: Lack of malloc() return value checking on client side.
  * CVE-2014-6053: Server crash on a very large ClientCutText message.
  * CVE-2014-6054: Server crash when scaling factor is set to zero.
  * CVE-2014-6055: Multiple stack overflows in File Transfer feature.
- bsc#854151: Restrict the SSL cipher suite.
</description>
  <summary>Security update for LibVNCServer</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places