Advisories » MGASA-2015-0459

Updated tigervnc packages fix security vulnerabilities

Publication date: 26 Nov 2015
Modification date: 26 Nov 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-8240 , CVE-2014-8241

Description

Updated tigervnc packages fix security vulnerabilities:

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way TigerVNC handled screen sizes. A malicious VNC server
could use this flaw to cause a client to crash or, potentially, execute
arbitrary code on the client (CVE-2014-8240).

A NULL pointer dereference flaw was found in TigerVNC's XRegion.
A malicious VNC server could use this flaw to cause a client to crash
(CVE-2014-8241).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17190
• https://rhn.redhat.com/errata/RHSA-2015-2233.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8240
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241

SRPMS

5/core

• tigervnc-1.3.1-6.1.mga5