What is the vulnerability ID for this advisory?

The vulnerability ID for this advisory is CVE-2014-6051.

How does the LibVNCServer vulnerability affect users?

If a user connects to a malicious server, an attacker could cause a denial of service or execute arbitrary code.

Which version of LibVNCServer is affected by this vulnerability?

LibVNCServer versions 0.9.9+dfsg-1ubuntu1.1 and 0.9.8.2-2ubuntu1.1 are affected by this vulnerability.

What is the remedy for this vulnerability?

The remedy for this vulnerability is to upgrade to version 0.9.9+dfsg-1ubuntu1.1 for Ubuntu 14.04 and version 0.9.8.2-2ubuntu1.1 for Ubuntu 12.04.

Where can I find more information about this vulnerability?

You can find more information about this vulnerability at the following references: [link1](https://ubuntu.com/security/CVE-2014-6051), [link2](https://ubuntu.com/security/CVE-2014-6052), [link3](https://ubuntu.com/security/CVE-2014-6053).

Vulnerability/
USN-2365-1

29/9/2014

USN-2365-1: LibVNCServer vulnerabilities

First published: Mon Sep 29 2014(Updated: )

Nicolas Ruff discovered that LibVNCServer incorrectly handled memory when being advertised large screen sizes by the server. If a user were tricked into connecting to a malicious server, an attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2014-6051, CVE-2014-6052) Nicolas Ruff discovered that LibVNCServer incorrectly handled large ClientCutText messages. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6053) Nicolas Ruff discovered that LibVNCServer incorrectly handled zero scaling factor values. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service. (CVE-2014-6054) Nicolas Ruff discovered that LibVNCServer incorrectly handled memory in the file transfer feature. A remote attacker could use this issue to cause a server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-6055)

Affected Software	Affected Version	How to fix
All of
ubuntu/libvncserver0	<0.9.9+dfsg-1ubuntu1.1	0.9.9+dfsg-1ubuntu1.1
	=14.04
All of
ubuntu/libvncserver0	<0.9.8.2-2ubuntu1.1	0.9.8.2-2ubuntu1.1
	=12.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is CVE-2014-6051.
How does the LibVNCServer vulnerability affect users?
If a user connects to a malicious server, an attacker could cause a denial of service or execute arbitrary code.
Which version of LibVNCServer is affected by this vulnerability?
LibVNCServer versions 0.9.9+dfsg-1ubuntu1.1 and 0.9.8.2-2ubuntu1.1 are affected by this vulnerability.
What is the remedy for this vulnerability?
The remedy for this vulnerability is to upgrade to version 0.9.9+dfsg-1ubuntu1.1 for Ubuntu 14.04 and version 0.9.8.2-2ubuntu1.1 for Ubuntu 12.04.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following references: [link1](https://ubuntu.com/security/CVE-2014-6051), [link2](https://ubuntu.com/security/CVE-2014-6052), [link3](https://ubuntu.com/security/CVE-2014-6053).

agent/references
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/type
agent/softwarecombine
collector/usn
source/Ubuntu
anchor-related/USN-4587-1
anchor-related/USN-4573-1
agent/software-canonical-lookup
agent/title
agent/tags
agent/description
agent/event
agent/trending
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/14.04
version/ubuntu ubuntu/12.04