Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for tigervnc and fltk is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients which allows users to connect to other desktops running a VNC server.

FLTK (pronounced 'fulltick') is a cross-platform C++ GUI toolkit. It provides modern GUI functionality without the bloat, and supports 3D graphics via OpenGL and its built-in GLUT emulation.

The following packages have been upgraded to a later upstream version: tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598)

Security Fix(es):

* A denial of service flaw was found in TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)

* A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393)

* A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service.