{"id":"MGASA-2014-0466","summary":"Updated kdenetwork4 packages fix security vulnerabilities in krfb","details":"A malicious VNC client can trigger multiple DoS conditions on the VNC server\nby advertising a large screen size, ClientCutText message length and/or a zero\nscaling factor parameter (CVE-2014-6053, CVE-2014-6054).\n\nA malicious VNC client can trigger multiple stack-based buffer overflows by\npassing long file and directory names and/or attributes (FileTime) when\nusing the file transfer message feature (CVE-2014-6055).\n\nThe krfb package is built with a bundled copy of libvncserver.\n","modified":"2026-04-16T01:46:17.387301621Z","published":"2014-11-21T12:44:16Z","upstream":["CVE-2014-6053","CVE-2014-6054","CVE-2014-6055"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0466.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14205"},{"type":"ADVISORY","url":"http://www.ocert.org/advisories/ocert-2014-007.html"},{"type":"ADVISORY","url":"https://www.kde.org/info/security/advisory-20140923-1.txt"}],"affected":[{"package":{"name":"kdenetwork4","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kdenetwork4?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.5-1.3.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0466.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}