gtk-vnc-0.7.0-2.el7
エラータID: AXSA:2017-1910:01
Release date:
Monday, August 28, 2017 - 05:31
Subject:
gtk-vnc-0.7.0-2.el7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
gtk-vnc is a VNC viewer widget for GTK2. It is built using coroutines
allowing it to be completely asynchronous while remaining single threaded.
CVE-2017-5884
gtk-vnc before 0.7.0 does not properly check boundaries of
subrectangle-containing tiles, which allows remote servers to execute
arbitrary code via the src x, y coordinates in a crafted (1) rre, (2)
hextile, or (3) copyrect tile.
CVE-2017-5885
Multiple integer overflows in the (1) vnc_connection_server_message
and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow
remote servers to cause a denial of service (crash) or possibly
execute arbitrary code via vectors involving SetColorMapEntries, which
triggers a buffer overflow.
Solution:
Update packages.
CVEs:
CVE-2017-5884
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
CVE-2017-5885
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Additional Info:
N/A
Download:
SRPMS
- gtk-vnc-0.7.0-2.el7.src.rpm
MD5: cd6970bee2d13ae04cf1d00c3ab3af4d
SHA-256: b20a5c5acaaa14d94e448a10414558472536205169683e9ebb887507a3422b2d
Size: 463.70 kB
Asianux Server 7 for x86_64
- gtk-vnc2-0.7.0-2.el7.x86_64.rpm
MD5: 86e149d5831072f10eb791c24b069262
SHA-256: b6eead82ef24752aacd4e745b8ea71292a7d926bb0867fc999d15e924473b9b2
Size: 39.73 kB - gvnc-0.7.0-2.el7.x86_64.rpm
MD5: 74f2249eb0f1a78b85fd31faae7122cb
SHA-256: 9c741cbb4d8bf3fa1d4aa1b00fd97002036cd10c8319cb7fd843bdd98d98c51c
Size: 92.39 kB - gtk-vnc2-0.7.0-2.el7.i686.rpm
MD5: 4eaf1e40682df2d93898056b3117a503
SHA-256: 8e3184d9e328bcaadda8cbefd03f81ed512779ec263d0887f803b761c8ff7c5b
Size: 39.05 kB - gvnc-0.7.0-2.el7.i686.rpm
MD5: 12b2fd685c4e002fc543deb704d11d6a
SHA-256: ea5df8927a28ac25971ae5084f456dd37f12d1b92ecd929286c62f2a222e73cf
Size: 93.07 kB