[El-errata] ELSA-2014-1826 Moderate: Oracle Linux 6 libvncserver security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 11 14:54:34 PST 2014
Oracle Linux Security Advisory ELSA-2014-1826
https://rhn.redhat.com/errata/RHSA-2014-1826.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
libvncserver-0.9.7-7.el6_6.1.i686.rpm
libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
x86_64:
libvncserver-0.9.7-7.el6_6.1.i686.rpm
libvncserver-0.9.7-7.el6_6.1.x86_64.rpm
libvncserver-devel-0.9.7-7.el6_6.1.i686.rpm
libvncserver-devel-0.9.7-7.el6_6.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/libvncserver-0.9.7-7.el6_6.1.src.rpm
Description of changes:
[0.9.7-7.1]
- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug
#1157668)
- Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup)
(bug #1157668)
- Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message
handling) (bug #1157668)
- Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling)
(bug #1157668)
- Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer
handling) (bug #1157668)
[0.9.7-7]
- Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not
vulnerable (bug #696767)
[0.9.7-6]
- Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767)
[0.9.7-5]
- Fix CVE-2011-0904 (bug #696767)
- Fix CVE-2011-0905 (bug #696767)
More information about the El-errata
mailing list