Summary: | Security issue: Buffer overflow + Sparc crashes in TightVNC 1.2.8 | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Tesauro <mtesauro> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | critical | ||||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | http://www.tightvnc.com | ||||||
Whiteboard: | |||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Matt Tesauro
2003-08-05 13:49:30 UTC
Just created a TightVNC-1.2.9 ebuild. Here's the steps I took: cd /usr/portage/net-misc/tightvnc cp tightvnc-1.2.8.ebuild tightvnc-1.2.9.ebuild [manual step] made digest-tighvnc-1.2.9 [I'll upload this] cp tightvnc-1.2.8-gentoo.diff tightvnc-1.2.9-gentoo.diff cp tightvnc-1.2.8-gentoo.security.patch tightvnc-1.2.9-gentoo.security.patch emerge /usr/portage/net-misc/tightvnc-1.2.9.ebuild .... >>> Regenerating /etc/ld.so.cache... >>> net-misc/tightvnc-1.2.9 merged. net-misc/tightvnc selected: none protected: 1.2.9 omitted: none >>> clean: No packages selected for removal. >>> Regenerating /etc/ld.so.cache... >>> Auto-cleaning packages ... >>> No outdated packages were found on your system. The build worked fine when I tested it against a NT box running TightVNC 1.2.9 server: mtesauro files $ /usr/bin/vncviewer VNC server supports protocol version 3.3 (viewer 3.3) VNC authentication succeeded Desktop name "business" Connected to VNC server, using protocol version 3.3 VNC server default format: 16 bits per pixel. Least significant byte first in each pixel. True colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0 Using default colormap which is TrueColor. Pixel format: 32 bits per pixel. Least significant byte first in each pixel. True colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0 Using shared memory PutImage ShmCleanup called mtesauro files $ Created attachment 15566 [details]
digest file for emerge
manually created digest file in same format as digest-tightvnc-1.2.8
Security Team; I'm guessing since that we already have tightvnc-1.2.9 in portage, that this is fixed. Any problems with closing it? tightvnc is in portage already as weeve pointed out. changing resolution to FIXED. Skipping GLSA |