Updated tigervnc packages fix security vulnerabilitiesPublication date: 26 Nov 2015
Affected Mageia releases : 5
CVE: CVE-2014-8240 , CVE-2014-8241
Updated tigervnc packages fix security vulnerabilities: An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client (CVE-2014-8240). A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash (CVE-2014-8241).