Public bug reported:

http://www.kde.org/info/security/advisory-20140803-1.txt

Overview
========

krfb embeds libvncserver which embeds liblzo2, it contains various flaws
that result in integer overflow problems.

Impact
======

This potentially allows a malicious application to create a possible denial of
service or code execution.
Due to the need to exploit precise details of the target architecture and
threading, it is unlikely that remote code execution can be achieved in
practice.

** Affects: krfb (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: krfb (Ubuntu Trusty)
     Importance: Undecided
         Status: New

** Affects: krfb (Ubuntu Utopic)
     Importance: Undecided
         Status: Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4607

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1352421

Title:
  possible denial of service or code execution via integer overflow
