2017-01-14
ALT-BU-2017-2877-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2017-02-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5581
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- RHSA-2017:0630
- RHSA-2017:0630
- [oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1
- [oss-security] 20170121 Re: [tigervnc-announce] TigerVNC 1.7.1
- [oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1
- [oss-security] 20170125 Re: [tigervnc-announce] TigerVNC 1.7.1
- 95789
- 95789
- RHSA-2017:2000
- RHSA-2017:2000
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/pull/399
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1
- GLSA-201702-19
- GLSA-201702-19
Closed bugs
просьба собрать новую версию 1.7
Добавить зависимость /usr/bin/vncpasswd