CentOS Project, CESA-2013:1452
Oct 23, 2013 - 6:59 a.m.

vino security update

2013-10-23 06:59:30
CentOS Project
lists.centos.org

CVSS2: 7.1 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.763 High
Percentile: 98.2%

CentOS Errata and Security Advisory CESA-2013:1452

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.

A denial of service flaw was found in the way Vino handled certain
authenticated requests from clients that were in the deferred state. A
remote attacker could use this flaw to make the vino-server process enter
an infinite loop when processing those incoming requests. (CVE-2013-5745)

All vino users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-October/082144.html
https://lists.centos.org/pipermail/centos-announce/2013-October/082146.html

Affected packages:
vino

Upstream details at:
https://access.redhat.com/errata/RHSA-2013:1452
