Incoming CVE details
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before
0.9.11 allows remote servers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted FramebufferUpdate
message with the Ultra type tile, such that the LZO payload decompressed
length exceeds what is specified by the tile dimensions.

Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer
before 0.9.11 allows remote servers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message containing a subrectangle outside of the client
@ Maintainer(s): Please bump to >=net-libs/libvncserver-0.9.11 and let us know if it is ready for stabilization or how long you want to wait.
Now in repository, https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=13bf08599c6d332501292db40aea7b9179efc257
please test and mark stable: =net-libs/libvncserver-0.9.11
test with x11vnc or similar
Stable on alpha.
Stable for PPC64.
Stable for HPPA.
arm stable, all arches done.
glsa request filed
please drop <net-libs/libvncserver-0.9.11-r1, thanks
Already done via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c329ef7d981dbb47dee4c1b45d7a98b7f60e38e
This issue was resolved and addressed in
GLSA 201702-24 at https://security.gentoo.org/glsa/201702-24
by GLSA coordinator Thomas Deutschmann (whissi).