Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-0169

Опубликовано: 21 янв. 2013
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2013-0169: vino security update (MODERATE)

[2.28.1-8]

  • Remove spurious 'e' from glib2-devel requirement

[2.28.1-7]

  • Bump version number

[2.28.1-6]

  • Bump version number

[2.28.1-5]

  • Add reachability.patch Remove UI about whether the is only reachable locally or not. Fix for CVE-2011-1164
    • Bug #553477

[2.28.1-5]

  • Add upnp.patch Fix for CVE-2011-1165
    • Bug #678846

[2.28.1-5]

  • Add clipboard-leak.patch Fix for CVE-2012-4429
    • Bug #857250

[2.28.1-5]

  • Add vino-2.8.1-sanity-check-fb-update.patch Fix for CVE-2011-0904 and CVE-2011-0904
    • Bugs #694456, #694455

[2.28.1-4]

  • Translation updates. Related: rhbz 575682

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

vino

2.28.1-8.el6_3

Oracle Linux i686

vino

2.28.1-8.el6_3

Связанные CVE

CVE-2011-0905
CVE-2011-1164
CVE-2012-4429
CVE-2011-0904
CVE-2011-1165

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2011-0905

ubuntu
больше 14 лет назад

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

redhat логотип

CVE-2011-0905

redhat
больше 14 лет назад

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

nvd логотип

CVE-2011-0905

nvd
больше 14 лет назад

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

debian логотип

CVE-2011-0905

debian
больше 14 лет назад

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...

github логотип

GHSA-fx9f-m844-h4j5

github
больше 3 лет назад

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.