Advisories » MGASA-2014-0173

Updated tigervnc packages fix CVE-2014-0011

Publication date: 15 Apr 2014
Modification date: 15 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0011

Description

Updated tigervnc packages fix security vulnerability:

A heap-based buffer overflow was found in the way vncviewer rendered certain
screen images from a vnc server. If a user could be tricked into connecting
to a malicious vnc server, it may cause the vncviewer to crash, or could
possibly execute arbitrary code with the permissions of the user running it.
This issue was due to an issue in the ZRLE_DECODE() function which performs
RLE decoding (CVE-2014-0011).
                

References

• https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130495.html
• https://bugs.mageia.org/show_bug.cgi?id=13082
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0011

SRPMS

3/core

• tigervnc-1.1.0-3.2.mga3

4/core

• tigervnc-1.3.0-2.1.mga4