Updated tigervnc packages fix security vulnerabilities
Publication date: 26 Nov 2015Modification date: 26 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-8240 , CVE-2014-8241
Description
Updated tigervnc packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client (CVE-2014-8240). A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash (CVE-2014-8241).
References
SRPMS
5/core
- tigervnc-1.3.1-6.1.mga5