{"affected":[{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.9-17.5.1","libvncserver0":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for Raspberry Pi 12 SP2","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"LibVNCServer-devel":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP2","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"LibVNCServer-devel":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.9-17.5.1","libvncserver0":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.9-17.5.1","libvncserver0":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP2","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.9-17.5.1","libvncserver0":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP3","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.9-17.5.1","libvncserver0":"0.9.9-17.5.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP3","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.9-17.5.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nLibVNCServer was updated to fix two security issues.\n\nThese security issues were fixed:\n\n- CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493).\n- CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712).\n- CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711).\n  ","id":"SUSE-SU-2018:0830-1","modified":"2018-03-27T14:28:22Z","published":"2018-03-27T14:28:22Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180830-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017711"},{"type":"REPORT","url":"https://bugzilla.suse.com/1017712"},{"type":"REPORT","url":"https://bugzilla.suse.com/1081493"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9941"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9942"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7225"}],"related":["CVE-2016-9941","CVE-2016-9942","CVE-2018-7225"],"summary":"Security update for LibVNCServer","upstream":["CVE-2016-9941","CVE-2016-9942","CVE-2018-7225"]}