vino-2.28.1-8.AXS4
Errata ID: AXSA:2013-86:01
Vino is a VNC server for GNOME. It allows remote users to connect to a running GNOME session using VNC.
Security issues fixed with this release:
• CVE-2011-0904
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
• CVE-2011-0905
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
• CVE-2011-1164
• CVE-2011-1165
No description available.
• CVE-2012-4429
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
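CVE-2011-0904 and CVE-2011-0905 above both come down to a client-supplied rectangle in a framebuffer update request being used without checking it against the framebuffer size. The following is an added example of that kind of check, not the Vino or libvncserver patch; the struct and function names are hypothetical, and the only protocol fact assumed is that RFB carries x, y, width and height as unsigned 16-bit fields.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Rectangle from an RFB FramebufferUpdateRequest: four client-controlled
 * unsigned 16-bit fields. Hypothetical type, not libvncserver's. */
struct update_rect { uint16_t x, y, w, h; };

/* Strict policy: accept only rectangles that lie entirely inside a
 * fb_w x fb_h framebuffer. */
bool rect_within_framebuffer(const struct update_rect *r,
                             uint16_t fb_w, uint16_t fb_h)
{
    if (r->w == 0 || r->h == 0)          /* nothing to encode */
        return false;
    if (r->x >= fb_w || r->y >= fb_h)    /* large X or Y position */
        return false;
    /* Compare against the space left after the origin. Because x < fb_w
     * and y < fb_h here, the subtraction cannot go negative, and no
     * x + w sum is formed that could wrap in a narrow integer type. */
    return r->w <= fb_w - r->x && r->h <= fb_h - r->y;
}

/* Lenient policy: clip an oversized rectangle to the framebuffer edge.
 * Returns false when the origin is outside, so no pixel is readable. */
bool clip_rect_to_framebuffer(struct update_rect *r,
                              uint16_t fb_w, uint16_t fb_h)
{
    if (r->w == 0 || r->h == 0 || r->x >= fb_w || r->y >= fb_h)
        return false;
    if (r->w > fb_w - r->x) r->w = (uint16_t)(fb_w - r->x);
    if (r->h > fb_h - r->y) r->h = (uint16_t)(fb_h - r->y);
    return true;
}

int main(void)
{
    /* Constructed sample requests against a 1024x768 framebuffer. */
    struct update_rect reqs[] = {
        {0, 0, 1024, 768}, {65535, 0, 1, 1}, {1000, 700, 65535, 65535},
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("request %zu: %s\n", i,
               rect_within_framebuffer(&reqs[i], 1024, 768) ? "accept" : "reject");
    return 0;
}
```

The check belongs before any encoder (raw or tight) derives a source pointer or row length from the rectangle.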
Update packages.
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
N/A
SRPMS
- vino-2.28.1-8.AXS4.src.rpm
MD5: be8ae52a5d885e4e26c52813c57e6699
SHA-256: 414d73244846ed36d7c3e0df319dfc5fa7ab74c3c9c3c142d34f8abc3239f02b
Size: 824.98 kB
Asianux Server 4 for x86
- vino-2.28.1-8.AXS4.i686.rpm
MD5: 125120d11610b993aa0886ae3bfcf77f
SHA-256: a4f44f1a2e4e0ece8ecb76c24f15c4fe33b75e3c04f9ec39430df86fc758c740
Size: 433.95 kB
Asianux Server 4 for x86_64
- vino-2.28.1-8.AXS4.x86_64.rpm
MD5: 5ccb3012979ef30a819a1ae932a9d526
SHA-256: 44f1b7ecb93563200ccf4404f29ac6dbfbcffee82eb6ec1b5baa5e4121b6fa6f
Size: 435.01 kB