Parent Directory | Revision Log
MGASA-2017-0057: gtk-vnc-0.5.3-6.1.mga5
1 | type: security |
2 | subject: Updated gtk-vnc packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2017-5884 |
5 | - CVE-2017-5885 |
6 | src: |
7 | 5: |
8 | core: |
9 | - gtk-vnc-0.5.3-6.1.mga5 |
10 | description: | |
11 | It was found that gtk-vnc code does not properly check boundaries of |
12 | subrectangle-containing tiles. A malicious server can use this to |
13 | overwrite parts of the client memory (CVE-2017-5884). |
14 | |
15 | In addition, the vnc_connection_server_message() and vnc_color_map_set() |
16 | functions do not check for integer overflow properly, leading to a |
17 | malicious server being able to overwrite parts of the client memory |
18 | (CVE-2017-5885). |
19 | references: |
20 | - https://bugs.mageia.org/show_bug.cgi?id=20244 |
21 | - http://openwall.com/lists/oss-security/2017/02/05/5 |
22 | - https://bugzilla.gnome.org/show_bug.cgi?id=778048 |
23 | - https://bugzilla.gnome.org/show_bug.cgi?id=778050 |
24 | ID: MGASA-2017-0057 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |