Overview

File _patchinfo of Package patchinfo.4317

<patchinfo incident="4317">
  <issue id="2017-7392" tracker="cve" />
  <issue id="2017-7393" tracker="cve" />
  <issue id="2017-7394" tracker="cve" />
  <issue id="2017-7395" tracker="cve" />
  <issue id="2017-7396" tracker="cve" />
  <issue id="1032880" tracker="bnc">VUL-0: tigervnc: Malicious VNC server can write to random data on stack in TigerVnc vncviewer</issue>
  <issue id="1032272" tracker="bnc">[Build 0313] [s390x] Beta 1 is unable to start gdm after Installation</issue>
  <issue id="1031886" tracker="bnc">CVE-2017-7396: Client can cause leak in VNC server.</issue>
  <issue id="1031877" tracker="bnc">CVE-2017-7395: Authenticated VNC client can crash VNC server.</issue>
  <issue id="1031879" tracker="bnc">CVE-2017-7394: Client can crash or block VNC server.</issue>
  <issue id="1031875" tracker="bnc">CVE-2017-7393: Authenticated client can cause double free in VNC server</issue>
  <issue id="1024929" tracker="bnc">reconnect to tigervnc session fails</issue>
  <issue id="1031045" tracker="bnc">Installer crashes in vnc installations for no obvious reason</issue>
  <issue id="1026833" tracker="bnc">Regression: VNC cannot be accessed at http://&lt;host&gt;:5801 during installation</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>michalsrb</packager>
  <description>
This update for tigervnc provides the several fixes.

These security issues were fixed:

- CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886)
- CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877)
- CVE-2017-7394: Client can crash or block VNC server (bsc#1031879)
- CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875)
- Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880)

These non-security issues were fixed:

- Prevent client disconnection caused by invalid cursor manipulation. (bsc#1024929, bsc#1031045)
- Readd index.vnc. (bsc#1026833)
- Crop operations to visible screen. (bnc#1032272)  
</description>
  <summary>Security update for tigervnc</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places