[El-errata] ELSA-2014-1826 Moderate: Oracle Linux 7 libvncserver security update

Tue Nov 11 10:22:27 PST 2014

Oracle Linux Security Advisory ELSA-2014-1826

https://access.redhat.com/errata/RHSA-2014:1826.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
libvncserver-0.9.9-9.el7_0.1.i686.rpm
libvncserver-0.9.9-9.el7_0.1.x86_64.rpm
libvncserver-devel-0.9.9-9.el7_0.1.i686.rpm
libvncserver-devel-0.9.9-9.el7_0.1.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libvncserver-0.9.9-9.el7_0.1.src.rpm

Description of changes:

[0.9.9-9.1]
- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug 
#1157670)
- Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup)
   (bug #1157670)
- Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message
   handling) (bug #1157670)
- Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling)
   (bug #1157670)
- Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer
   handling) (bug #1157670)