| Summary: | <net-misc/vino-2.32.2-r2 : Infinite Loop Denial of Service Vulnerability (CVE-2013-5745) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/54995/ | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2013-10-01 19:00:33 UTC
+*vino-2.32.2-r2 (01 Oct 2013) + + 01 Oct 2013; Alexandre Rostovtsev <tetromino@gentoo.org> + +vino-2.32.2-r2.ebuild, -vino-3.8.1.ebuild: + Fix DoS vulnerability and remove vulnerable version (CVE-2013-5745, bug + #486694, thanks to Agostino Sarubbo).

Thanks, this had already been fixed in 3.8.1-r1, and I've now added 2.32.2-r2 to use the same patch. =net-misc/vino-2.32.2-r2 should be stabilized.

Arches, please test and mark stable: =net-misc/vino-2.32.2-r2
Target keywords : "alpha amd64 arm ia64 ppc ppc64 sparc x86"

amd64 stable

x86 stable

CVE-2013-5745 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5745): The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

ia64 stable

alpha stable

ppc stable

arm stable

ppc64 stable

sparc stable. Maintainer(s), please cleanup. Security, please vote.

GLSA vote: no.

+ 17 Dec 2013; Pacho Ramos <pacho@gentoo.org> -vino-2.32.2-r1.ebuild: + Drop old +

Thanks for your work

GLSA vote: no

Closing as noglsa