possible denial of service or code execution via integer overflow

Bug #1352421 reported by Jonathan Riddell
Affects         Status         Importance   Assigned to   Milestone
krfb (Ubuntu)   Fix Released   Undecided    Unassigned
  Trusty        Fix Released   Undecided    Unassigned
  Utopic        Fix Released   Undecided    Unassigned

Bug Description

http://www.kde.org/info/security/advisory-20140803-1.txt

Overview
========

krfb embeds libvncserver, which embeds liblzo2; it contains various flaws
that result in integer overflow problems.

Impact
======

This potentially allows a malicious application to create a possible denial of service or code execution.
Due to the need to exploit precise details of the target architecture and threading,
it is unlikely that remote code execution can be achieved in practice.
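
The changelog further down describes the fix only as "check for overflow" in the embedded minilzo sources. As an added illustration, not code from liblzo2, libvncserver or krfb, the C below shows the general shape such a fix takes in a byte-oriented decompressor: a run-length counter accumulated from a sequence of zero bytes can wrap around, and the hardened reader refuses to wrap and bounds every copy by the space remaining rather than by `pos + len`. The counter width, the run-length header format and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration of the "check for overflow" fix pattern; this is
 * not code from liblzo2, libvncserver or krfb. */

/* Run counter width.  Deliberately narrow (16 bits) so the wraparound is
 * reachable with a few hundred bytes of input; a real decoder uses a wider
 * type, but the checks below are written the same way for any width. */
typedef uint16_t run_t;
#define RUN_MAX UINT16_MAX

enum {
    DEC_OK = 0,
    DEC_ERR_INPUT_OVERRUN = -1,
    DEC_ERR_OUTPUT_OVERRUN = -2,
    DEC_ERR_LENGTH_OVERFLOW = -3
};

/* Unchecked accumulation (the defect): a 0x00 byte adds 255 and continues,
 * the first non-zero byte terminates.  A long zero run silently wraps. */
run_t run_length_unchecked(const uint8_t *in, size_t in_len, size_t *pos)
{
    run_t run = 0;
    while (*pos < in_len) {
        uint8_t b = in[(*pos)++];
        if (b != 0)
            return (run_t)(run + b);
        run = (run_t)(run + 255);
    }
    return run;
}

/* Checked accumulation (the fix): refuse to wrap and refuse to read past
 * the end of the input. */
int run_length_checked(const uint8_t *in, size_t in_len, size_t *pos,
                       run_t *run_out)
{
    run_t run = 0;
    for (;;) {
        if (*pos >= in_len)
            return DEC_ERR_INPUT_OVERRUN;
        uint8_t b = in[(*pos)++];
        run_t add = (b != 0) ? b : 255;
        if (add > RUN_MAX - run)          /* the addition would wrap */
            return DEC_ERR_LENGTH_OVERFLOW;
        run = (run_t)(run + add);
        if (b != 0) {
            *run_out = run;
            return DEC_OK;
        }
    }
}

/* Copy a literal run, bounding input and output by "space left" so the
 * comparisons themselves cannot overflow. */
int copy_literals(const uint8_t *in, size_t in_len, size_t *in_pos,
                  uint8_t *out, size_t out_cap, size_t *out_pos)
{
    run_t run;
    int rc = run_length_checked(in, in_len, in_pos, &run);
    if (rc != DEC_OK)
        return rc;
    if (run > in_len - *in_pos)
        return DEC_ERR_INPUT_OVERRUN;
    if (run > out_cap - *out_pos)
        return DEC_ERR_OUTPUT_OVERRUN;
    memcpy(out + *out_pos, in + *in_pos, run);
    *in_pos += run;
    *out_pos += run;
    return DEC_OK;
}

/* Build a constructed header of n_zeros zero bytes plus a terminator, run
 * both readers on it, and return the checked reader's status. */
int demo_wraparound(size_t n_zeros, uint8_t terminator,
                    run_t *unchecked_out, run_t *checked_out)
{
    uint8_t buf[400];
    if (n_zeros + 1 > sizeof buf)
        return -100;
    memset(buf, 0, n_zeros);
    buf[n_zeros] = terminator;
    size_t p = 0;
    *unchecked_out = run_length_unchecked(buf, n_zeros + 1, &p);
    p = 0;
    return run_length_checked(buf, n_zeros + 1, &p, checked_out);
}

int main(void)
{
    run_t u, c;
    int rc = demo_wraparound(257, 1, &u, &c);   /* 257*255 + 1 = 65536 */
    printf("unchecked counter: %u, checked status: %d\n", (unsigned)u, rc);
    return 0;
}
```

The 257-zero header makes the unchecked counter wrap to 0, so a decoder that trusted it would size its copy from a value that bears no relation to the input; the checked reader returns `DEC_ERR_LENGTH_OVERFLOW` instead, and `copy_literals` rejects runs that exceed either the remaining input or the remaining output.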

Revision history for this message
Jonathan Riddell (jr) wrote :

Note the CVE is the same as the one for liblzo2 CVE-2014-4607

Changed in krfb (Ubuntu Utopic):
status: New → Fix Released
Jonathan Riddell (jr) wrote :

Fixed in utopic 4.13.97-0ubuntu2

Jonathan Riddell (jr) wrote :

Fixed in trusty kubuntu-ppa updates PPA 4.13.3-0ubuntu1~ubuntu14.04~ppa1

Marc Deslauriers (mdeslaur) wrote :

ACK on the trusty debdiff. Packages are building now and will be released today. Thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package krfb - 4:4.13.0-0ubuntu1.1

---------------
krfb (4:4.13.0-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or possible code execution via
    integer overflow in liblzo2 in libvncserver in krfb
    - debian/patches/upstream_libvncserver-CVE-2014-4607.diff:
      check for overflow in libvncserver/lzoconf.h libvncserver/lzodefs.h
      libvncserver/minilzo.c libvncserver/minilzo.h
    - CVE-2014-4607
    - http://www.kde.org/info/security/advisory-20140803-1.txt
    - LP: #1352421
 -- Jonathan Riddell <email address hidden> Mon, 04 Aug 2014 17:36:30 +0200

Changed in krfb (Ubuntu Trusty):
status: New → Fix Released
tags: added: verification-done
Colin Watson (cjwatson) wrote : Update Released

The verification of the Stable Release Update for krfb has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
