Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0466)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0466

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0466)

Resumen: The remote host is missing an update for the 'kdenetwork4' package(s) announced via the MGASA-2014-0466 advisory.

Descripción: Summary:
The remote host is missing an update for the 'kdenetwork4' package(s) announced via the MGASA-2014-0466 advisory.

Vulnerability Insight:
A malicious VNC client can trigger multiple DoS conditions on the VNC server
by advertising a large screen size, ClientCutText message length and/or a zero
scaling factor parameter (CVE-2014-6053, CVE-2014-6054).

A malicious VNC client can trigger multiple stack-based buffer overflows by
passing a long file and directory names and/or attributes (FileTime) when
using the file transfer message feature (CVE-2014-6055).

The krfb package is built with a bundled copy of libvncserver.

Affected Software/OS:
'kdenetwork4' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-6053
Debian Security Information: DSA-3081 (Google Search)
http://www.debian.org/security/2014/dsa-3081
https://security.gentoo.org/glsa/201507-07
http://www.ocert.org/advisories/ocert-2014-007.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
http://seclists.org/oss-sec/2014/q3/639
http://www.openwall.com/lists/oss-security/2014/09/25/11
http://secunia.com/advisories/61506
http://secunia.com/advisories/61682
SuSE Security Announcement: openSUSE-SU-2015:2207 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html
http://ubuntu.com/usn/usn-2365-1
https://usn.ubuntu.com/4573-1/
https://usn.ubuntu.com/4587-1/
Common Vulnerability Exposure (CVE) ID: CVE-2014-6054
BugTraq ID: 70094
http://www.securityfocus.com/bid/70094
http://www.ubuntu.com/usn/USN-2365-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-6055
BugTraq ID: 70096
http://www.securityfocus.com/bid/70096
http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html
RedHat Security Advisories: RHSA-2015:0113
http://rhn.redhat.com/errata/RHSA-2015-0113.html
XForce ISS Database: libvncserver-cve20146055-bo(96187)
https://exchange.xforce.ibmcloud.com/vulnerabilities/96187

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0466
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0466)
Resumen:	The remote host is missing an update for the 'kdenetwork4' package(s) announced via the MGASA-2014-0466 advisory.
Descripción:	Summary: The remote host is missing an update for the 'kdenetwork4' package(s) announced via the MGASA-2014-0466 advisory. Vulnerability Insight: A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter (CVE-2014-6053, CVE-2014-6054). A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes (FileTime) when using the file transfer message feature (CVE-2014-6055). The krfb package is built with a bundled copy of libvncserver. Affected Software/OS: 'kdenetwork4' package(s) on Mageia 3. Solution: Please install the updated package(s). CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-6053 Debian Security Information: DSA-3081 (Google Search) http://www.debian.org/security/2014/dsa-3081 https://security.gentoo.org/glsa/201507-07 http://www.ocert.org/advisories/ocert-2014-007.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html http://seclists.org/oss-sec/2014/q3/639 http://www.openwall.com/lists/oss-security/2014/09/25/11 http://secunia.com/advisories/61506 http://secunia.com/advisories/61682 SuSE Security Announcement: openSUSE-SU-2015:2207 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-12/msg00022.html http://ubuntu.com/usn/usn-2365-1 https://usn.ubuntu.com/4573-1/ https://usn.ubuntu.com/4587-1/ Common Vulnerability Exposure (CVE) ID: CVE-2014-6054 BugTraq ID: 70094 http://www.securityfocus.com/bid/70094 http://www.ubuntu.com/usn/USN-2365-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-6055 BugTraq ID: 70096 http://www.securityfocus.com/bid/70096 http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/139654.html RedHat Security Advisories: RHSA-2015:0113 http://rhn.redhat.com/errata/RHSA-2015-0113.html XForce ISS Database: libvncserver-cve20146055-bo(96187) https://exchange.xforce.ibmcloud.com/vulnerabilities/96187
Copyright	Copyright (C) 2022 Greenbone AG