(RHSA-2013:1452) Moderate: vino security update

2013-10-22T04:00:00
ID RHSA-2013:1452
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:07

Description

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC.

A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. (CVE-2013-5745)

All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted (log out, then log back in) for this update to take effect.