Arch Linux Security Advisory ASA-201701-20 ========================================== Severity: Critical Date : 2017-01-13 CVE-ID : CVE-2016-9941 CVE-2016-9942 Package : libvncserver Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-124 Summary ======= The package libvncserver before version 0.9.11-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 0.9.11-1. # pacman -Syu "libvncserver>=0.9.11-1" The problems have been fixed upstream in version 0.9.11. Workaround ========== None. Description =========== - CVE-2016-9941 (arbitrary code execution) A heap-based buffer overflow has been discovered in rfbproto.c in the LibVNCClient part of LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. - CVE-2016-9942 (arbitrary code execution) A heap-based buffer overflow has been discovered in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. Impact ====== A remote attacker is able to use specially crafted messages to execute arbitrary code on the affected host. References ========== https://bugs.archlinux.org/task/52481 https://github.com/LibVNC/libvncserver/pull/137 https://security.archlinux.org/CVE-2016-9941 https://security.archlinux.org/CVE-2016-9942