Описание
Security update for tigervnc
This update for tigervnc provides the several fixes.
These security issues were fixed:
- CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886)
- CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877)
- CVE-2017-7394: Client can crash or block VNC server (bsc#1031879)
- CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875)
- Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880)
Список пакетов
openSUSE Leap 42.1
openSUSE Leap 42.2
Ссылки
- E-Mail link for openSUSE-SU-2017:1028-1
- SUSE Security Ratings
Описание
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
Затронутые продукты
Ссылки
- CVE-2017-7392
- SUSE Bug 1031886
Описание
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
Затронутые продукты
Ссылки
- CVE-2017-7393
- SUSE Bug 1031875
- SUSE Bug 1031879
Описание
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
Затронутые продукты
Ссылки
- CVE-2017-7394
- SUSE Bug 1031879
Описание
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
Затронутые продукты
Ссылки
- CVE-2017-7395
- SUSE Bug 1031877
Описание
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
Затронутые продукты
Ссылки
- CVE-2017-7396
- SUSE Bug 1031886