tigervnc-1.3.1-3.el7

エラータID: AXSA:2015-910:01

Release date: 
Wednesday, December 9, 2015 - 11:19
Subject: 
tigervnc-1.3.1-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.

Security issues fixed with this release:

CVE-2014-8240
Integer overflow in TigerVNC allows remote VNC servers to cause a
denial of service (crash) and possibly execute arbitrary code via
vectors related to screen size handling, which triggers a heap-based
buffer overflow, a similar issue to CVE-2014-6051.
CVE-2014-8241
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Fixed bugs:

* The position of the mouse cursor in the VNC session was not correctly communicated to the VNC viewer, resulting in cursor misplacement. The method of displaying the remote cursor has been changed, and cursor movements on the VNC server are now accurately reflected on the VNC client.

Solution: 

Update packages.

CVEs: 
CVE-2014-8240
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
CVE-2014-8241
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.3.1-3.el7.src.rpm
    MD5: 24480e366988edc7841068df930c99c1
    SHA-256: 2325d81b24cb76d28907af1723d7871807d1c2bebd194eb6d17912148f3f4bea
    Size: 6.57 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.3.1-3.el7.x86_64.rpm
    MD5: 98edc6bcf64ffdc0bb8a9b834761535a
    SHA-256: 2547c98cfe76ae91c4700e98911dc8bb061c46a6400f3183100bf30c9894e574
    Size: 209.07 kB
  2. tigervnc-icons-1.3.1-3.el7.noarch.rpm
    MD5: 2d7b5d1101aa6a8abdc024e8873ea790
    SHA-256: 7a1711550214cf0f534d935651be791fd29d9db8e8dccfa2e0650c79481da08b
    Size: 33.97 kB
  3. tigervnc-license-1.3.1-3.el7.noarch.rpm
    MD5: 59ac8b855b696b508c883c8fc79426df
    SHA-256: 25543544b23faeac4bcb2fe82a03a82ca523a50b89c182305592b08394364cf7
    Size: 24.59 kB
  4. tigervnc-server-1.3.1-3.el7.x86_64.rpm
    MD5: 1e2381d09262c296b13ad22de4a3c08c
    SHA-256: 744eb2d8500f4ad203116000656db1c2eb81deaf019bd6d2efa9bf2fc416f141
    Size: 201.23 kB
  5. tigervnc-server-minimal-1.3.1-3.el7.x86_64.rpm
    MD5: 640f1c262a7d7373bf8daebc52f50737
    SHA-256: 20591475b6d5d85ac2e3bd7c73617d91bc233ef3eadcf905236eb503002b8a91
    Size: 1.01 MB