Security update for tigervnc
This update for tigervnc provides the several fixes.
These security issues were fixed:
- CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886)
- CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877)
- CVE-2017-7394: Client can crash or block VNC server (bsc#1031879)
- CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875)
- Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880)
-
Submitted by
Michal Srb (michalsrb)
Fixed bugs
bnc#1032880
VUL-0: tigervnc: Malicious VNC server can write to random data on stack in TigerVnc vncviewer
bnc#1031877
VUL-1: CVE-2017-7395 : tigervnc: Authenticated VNC client can crash VNC server.
bnc#1031875
VUL-1: CVE-2017-7393 : tigervnc: Authenticated client can cause double free in VNC server
bnc#1031886
VUL-1: CVE-2017-7392 CVE-2017-7396 : tigervnc: Client can cause leak in VNC server.
bnc#1031879
VUL-1: CVE-2017-7394 : tigervnc: Client can crash or block VNC server.
