Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervnc packages contain a client which allows users to connect to other desktops running a VNC server.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client. (CVE-2014-8240)
A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash. (CVE-2014-8241)
The tigervnc packages have been upgraded to upstream version 1.3.1, which provides a number of bug fixes and enhancements over the previous version. (BZ#1199453)
This update also fixes the following bug:
All tigervnc users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.