VNC server library gets security fix

An important fix for libvncserver has landed in Debian and on the library’s GitHub page.
Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers.
As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows.
A malicious server could use the overflows to crash a client (denial of service) or, potentially, to execute code on it remotely.

The folks at libvncserver pushed out their own patch on December 30 – so if you’re a dev using the library, get it and start patching. It’s the first new libvncserver code release since October 2014.
Debian’s other recent security patches include Tomcat 7 and Tomcat 8 security updates, to close CVE-2016-8745: “incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure”. ®
Several employees of large enterprises have been arrested; police allege they stole trade secrets and sensitive design documents.
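I believe equipment and service providers to domestic banks have swindled away plenty of money as well; the media just rarely reports it. Security management of third-party suppliers, and especially of suppliers' employees, is an issue that the information security managers of all our organizations must take seriously.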
