Summary: | <net-misc/tigervnc-1.8.0: multiple vulnerabilities | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | glsamaker, otakuto.gentoo, proxy-maint |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B2 [glsa cve] | | |
Package list: | net-misc/tigervnc-1.8.0 | | |
Runtime testing required: | --- | | |

Description
Agostino Sarubbo
2017-04-05 10:35:30 UTC
CVE ID: CVE-2017-7392
Summary: In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
Published: 2017-04-01T02:59:00.000Z
______________________________
CVE ID: CVE-2017-7393
Summary: In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
Published: 2017-04-01T02:59:00.000Z
______________________________
CVE ID: CVE-2017-7394
Summary: In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.
Published: 2017-04-01T02:59:00.000Z
______________________________
CVE ID: CVE-2017-7395
Summary: In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.
Published: 2017-04-01T02:59:00.000Z
______________________________
CVE ID: CVE-2017-7396
Summary: In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
Published: 2017-04-01T02:59:00.000Z

1.8.0 is out.

@ Arches, please test and mark stable: =net-misc/tigervnc-1.8.0

arm stable

amd64 stable

x86 stable

sparc stable

ia64 stable

ppc64 stable

Stable on alpha.

ppc stable

Ping hppa for stabilization.

hppa stable

New GLSA Request filed.

*** Bug 634788 has been marked as a duplicate of this bug. ***

This issue was resolved and addressed in GLSA 201801-13 at https://security.gentoo.org/glsa/201801-13 by GLSA coordinator Thomas Deutschmann (whissi).