Updated tigervnc packages fix security vulnerabilities
Publication date: 19 Jan 2020Modification date: 19 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15691 , CVE-2019-15692 , CVE-2019-15693 , CVE-2019-15694 , CVE-2019-15695
Description
Updated tigervnc packages fix security vulnerabilities:
The tigervnc package has been updated to version 1.10.1 to fix multiple
unspecified security issues. These issues affect both the client and server
and could theoretically allow an malicious peer to take control over the
software on the other side. No working exploit is known at this time, and
the issues require the peer to first be authenticated (CVE-2019-15691,
CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695).
References
- https://bugs.mageia.org/show_bug.cgi?id=25917
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
- https://www.openwall.com/lists/oss-security/2019/12/20/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15693
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15695
SRPMS
7/core
- tigervnc-1.10.1-1.mga7