Описание
ELSA-2017-2000: tigervnc and fltk security, bug fix, and enhancement update (MODERATE)
fltk [1.3.4-1]
- Re-base to 1.3.4 (+ sync with Fedora)
tigervnc [1.8.0-1]
- Update to 1.8.0 Resolves: bz#1388620
[1.7.90-2]
- Make RandR callbacks optional Resolves: bz#1444948
[1.7.90-1]
- Update to 1.7.90 Resolves: bz#1388620
[1.7.1-3]
- Delete underlying ssecurity in SSecurityVeNCrypt [CCVE-2017-7392] Resolves: bz#1439127 Prevent double free by crafted fences [CVE-2017-7393] Resolves: bz#1439134
[1.7.1-2]
- Be more restrictive with shared memory mode bits Resolves: bz#1152552 Limit max username/password size in SSecurityPlain [CVE-2017-7394] Resolves: bz#1438737 Fix crash from integer overflow in SMsgReader::readClientCutText [CVE-2017-7395] Resolves: bz#1438742
[1.7.1-1]
- Update to 1.7.1 Resolves: bz#1388620 Resolves: bz#1343899 Resolves: bz#1410164 Resolves: bz#1415547 Resolves: bz#1418945 Resolves: bz#1416290 Resolves: bz#1342956
- Fix shared memory leakage Resolves: bz#1358090
- Added systemd unit file for xvnc Resolves: bz#1393971
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
fltk
1.3.4-1.el7
fltk-devel
1.3.4-1.el7
fltk-fluid
1.3.4-1.el7
fltk-static
1.3.4-1.el7
tigervnc
1.8.0-1.el7
tigervnc-icons
1.8.0-1.el7
tigervnc-license
1.8.0-1.el7
tigervnc-server
1.8.0-1.el7
tigervnc-server-applet
1.8.0-1.el7
tigervnc-server-minimal
1.8.0-1.el7
tigervnc-server-module
1.8.0-1.el7
Oracle Linux x86_64
fltk
1.3.4-1.el7
fltk-devel
1.3.4-1.el7
fltk-fluid
1.3.4-1.el7
fltk-static
1.3.4-1.el7
tigervnc
1.8.0-1.el7
tigervnc-icons
1.8.0-1.el7
tigervnc-license
1.8.0-1.el7
tigervnc-server
1.8.0-1.el7
tigervnc-server-applet
1.8.0-1.el7
tigervnc-server-minimal
1.8.0-1.el7
tigervnc-server-module
1.8.0-1.el7
Ссылки на источники
Связанные уязвимости
ELSA-2017-0630: tigervnc security and bug fix update (MODERATE)
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.