{"id":"MGASA-2014-0397","summary":"Updated libvncserver & remmina packages fix security vulnerabilities","details":"Updated libvncserver and remmina packages fix security vulnerabilities:\n\nA malicious VNC server can trigger incorrect memory management handling by\nadvertising a large screen size parameter to the VNC client. This would result\nin multiple memory corruptions and could allow remote code execution on the\nVNC client (CVE-2014-6051, CVE-2014-6052).\n\nA malicious VNC client can trigger multiple DoS conditions on the VNC server\nby advertising a large screen size, ClientCutText message length and/or a zero\nscaling factor parameter (CVE-2014-6053, CVE-2014-6054).\n\nA malicious VNC client can trigger multiple stack-based buffer overflows by\npassing a long file and directory names and/or attributes (FileTime) when\nusing the file transfer message feature (CVE-2014-6055).\n\nThe remmina package had been built with a bundled copy of libvncserver.  It\nhas been rebuilt against the system libvncserver library to resolve these\nissues.\n","modified":"2026-04-16T01:45:16.816626574Z","published":"2014-10-07T09:22:51Z","upstream":["CVE-2014-6051","CVE-2014-6052","CVE-2014-6053","CVE-2014-6054","CVE-2014-6055"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0397.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14155"},{"type":"ADVISORY","url":"http://www.ocert.org/advisories/ocert-2014-007.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html"}],"affected":[{"package":{"name":"libvncserver","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libvncserver?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.9-2.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0397.json"}},{"package":{"name":"remmina","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/remmina?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-3.2.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0397.json"}},{"package":{"name":"libvncserver","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/libvncserver?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.9-3.2.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0397.json"}},{"package":{"name":"remmina","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/remmina?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-4.4.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0397.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}