Medium: tigervnc

2015-08-04T17:48:00
ID ALAS-2015-576
Type amazon
Reporter Amazon
Modified 2015-08-04T17:48:00

Description

Issue Overview:

A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.

Affected Packages:

tigervnc

Issue Correction:
Run yum update tigervnc to update your system.

New Packages:

i686:  
    tigervnc-debuginfo-1.3.0-7.23.amzn1.i686  
    tigervnc-server-module-1.3.0-7.23.amzn1.i686  
    tigervnc-server-1.3.0-7.23.amzn1.i686  
    tigervnc-1.3.0-7.23.amzn1.i686

src:  
    tigervnc-1.3.0-7.23.amzn1.src

x86_64:  
    tigervnc-server-module-1.3.0-7.23.amzn1.x86_64  
    tigervnc-1.3.0-7.23.amzn1.x86_64  
    tigervnc-server-1.3.0-7.23.amzn1.x86_64  
    tigervnc-debuginfo-1.3.0-7.23.amzn1.x86_64