Bugzilla – Bug 1017712
VUL-0: CVE-2016-9942: LibVNCServer,x11vnc: Heap-based buffer overflow via crafted FramebufferUpdate message with the Ultra type tile
Last modified: 2019-11-02 17:51:46 UTC
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. Poc in: https://github.com/LibVNC/libvncserver/pull/137 Fix: https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb Also found in openSUSE: x11vnc References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942 http://www.cvedetails.com/cve/CVE-2016-9942/ https://github.com/LibVNC/libvncserver/pull/137 https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
bugbot adjusting priority
Reassigning to opensuse bugowner in order to do version update to 0.9.11 in tumbleweed. I wanted to do myself but it seems there is some work on patches, which we maintain (maybe needlesly?). Please reassign to security-team@ afterwards.
We would need openSUSE maintenance submissions for: openSUSE:13.2:Update/LibVNCServer openSUSE:13.2:Update/x11vnc openSUSE:Leap:42.1:Update/x11vnc openSUSE:Leap:42.2:Update/x11vnc
SUSE-SU-2017:0104-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 1017711,1017712 CVE References: CVE-2016-9941,CVE-2016-9942 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): LibVNCServer-0.9.1-159.1 SUSE Linux Enterprise Server 11-SP4 (src): LibVNCServer-0.9.1-159.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): LibVNCServer-0.9.1-159.1
SUSE-SU-2018:0830-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1017711,1017712,1081493 CVE References: CVE-2016-9941,CVE-2016-9942,CVE-2018-7225 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): LibVNCServer-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12-SP2 (src): LibVNCServer-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src): LibVNCServer-0.9.9-17.5.1 SUSE Linux Enterprise Server 12-SP3 (src): LibVNCServer-0.9.9-17.5.1 SUSE Linux Enterprise Server 12-SP2 (src): LibVNCServer-0.9.9-17.5.1
Appears to still be missing in x11vnc in Leap 42.3. The original bugowner is gone, can anyone of you submit this one?
openSUSE-SU-2018:0851-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1017711,1017712,1081493 CVE References: CVE-2016-9941,CVE-2016-9942,CVE-2018-7225 Sources used: openSUSE Leap 42.3 (src): LibVNCServer-0.9.9-16.3.1
done