Mandriva Linux Security Advisory : libvncserver (MDVSA-2014:168)
Medium Nessus Plugin ID 77647
Synopsis
The remote Mandriva Linux host is missing one or more security updates.
Description
An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly execute code in applications that perform LZO decompression on a compressed payload supplied by the attacker (CVE-2014-4607).
The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
The x11vnc package is now built against the system libvncserver library to avoid security issues in the bundled copy.
The icecream package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.
Solution
Update the affected packages.