Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2017-2258

Опубликовано: 07 авг. 2017
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2017-2258: gtk-vnc security, bug fix, and enhancement update (MODERATE)

[0.7.0-2]

  • Fix reserved data size (rhbz #1416783)
  • Fix inverted args in tests (rhbz #1416783)
  • Avoid sign extension problems (rhbz #1416783)
  • Fix crash with opening via GSocketAddress (rhbz #1416783)
  • Fix crash & error reporting during connection timeout (rhbz #1441120)
  • Fix incompatibility with libvncserver websockets (rhbz #921330)

[0.7.0-1]

  • Update to 0.7.0 release (rhbz #1416783)
  • Release held keys when loosing focus (rhbz #921008)
  • Avoid warnings when disconnecting (rhbz #1126825)
  • Workaround to avoid hang connecting to SPICE guest (rhbz #921330)
  • CVE-2017-5884 - fix bounds checking for RRE, hextile and copyrect encodings (rhbz #1425367)
  • CVE-2017-5885 - fix color map index bounds checking (rhbz #1425367)

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

gtk-vnc

0.7.0-2.el7

gtk-vnc-devel

0.7.0-2.el7

gtk-vnc-python

0.7.0-2.el7

gtk-vnc2

0.7.0-2.el7

gtk-vnc2-devel

0.7.0-2.el7

gvnc

0.7.0-2.el7

gvnc-devel

0.7.0-2.el7

gvnc-tools

0.7.0-2.el7

gvncpulse

0.7.0-2.el7

gvncpulse-devel

0.7.0-2.el7

Oracle Linux x86_64

gtk-vnc

0.7.0-2.el7

gtk-vnc-devel

0.7.0-2.el7

gtk-vnc-python

0.7.0-2.el7

gtk-vnc2

0.7.0-2.el7

gtk-vnc2-devel

0.7.0-2.el7

gvnc

0.7.0-2.el7

gvnc-devel

0.7.0-2.el7

gvnc-tools

0.7.0-2.el7

gvncpulse

0.7.0-2.el7

gvncpulse-devel

0.7.0-2.el7

Связанные CVE

CVE-2017-5884
CVE-2017-5885

Ссылки на источники

Связанные уязвимости

suse-cvrf логотип

SUSE-SU-2021:3125-1

suse-cvrf
около 4 лет назад

Security update for gtk-vnc

ubuntu логотип

CVE-2017-5885

CVSS3: 9.8
ubuntu
больше 8 лет назад

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

redhat логотип

CVE-2017-5885

CVSS3: 3.1
redhat
почти 9 лет назад

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

nvd логотип

CVE-2017-5885

CVSS3: 9.8
nvd
больше 8 лет назад

Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.

debian логотип

CVE-2017-5885

CVSS3: 9.8
debian
больше 8 лет назад

Multiple integer overflows in the (1) vnc_connection_server_message an ...