vino-2.28.1-9.AXS4

エラータID: AXSA:2014-070:01

Release date: 
Tuesday, March 18, 2014 - 20:31
Subject: 
vino-2.28.1-9.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Vino is a VNC server for GNOME. It allows remote users to connect to a running GNOME session using VNC.

Security issues fixed with this release:

• CVE-2013-5745
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Solution: 

Update packages.

CVEs: 
CVE-2013-5745
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.


Additional Info: 

N/A

Download: 

SRPMS
  1. vino-2.28.1-9.AXS4.src.rpm
    MD5: 89913daad53a9a41628accddf6e2a727
    SHA-256: 3faaaac41a8a78e6ccbc8dab8815cb04645ca7b8d74776fbcb7ab3978b689d51
    Size: 825.20 kB

Asianux Server 4 for x86
  1. vino-2.28.1-9.AXS4.i686.rpm
    MD5: 01a1b2a082dd6f6a5289c6c19646aa0d
    SHA-256: 5b89f76048369156d8f58f0c940f86bcd641988557a766b4e58999f654f6783d
    Size: 433.95 kB

Asianux Server 4 for x86_64
  1. vino-2.28.1-9.AXS4.x86_64.rpm
    MD5: 5a5593c2d6c86e6c45f3a27029250ddc
    SHA-256: c298f854c1213b36e7e114449f5a2cd8e34288c152727f44b3479e8f28a25a4d
    Size: 435.03 kB