Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57570 - [libvncserver] CVE-2018-7225
Attached to Project:
Arch Linux
Opened by Karol Babioch (kbabioch) - Monday, 19 February 2018, 15:52 GMT
Last edited by Jan de Groot (JGC) - Tuesday, 05 November 2019, 11:16 GMT
Details: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Closed by Jan de Groot (JGC)
Tuesday, 05 November 2019, 11:16 GMT
Reason for closing: Fixed
Additional comments about closing: 0.9.12