Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 21 Jan 2017 22:25:38 -0800
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: Pierre Ossman <ossman@...dio.se>, tigervnc-devel@...glegroups.com
Cc: oss-security@...ts.openwall.com
Subject: Re: [tigervnc-announce] TigerVNC 1.7.1

Is there a CVE assigned to this issue that we should use when passing this
fix through to our packages/distros?  I don't see one mentioned in the commit
or pull requests:

https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
https://github.com/TigerVNC/tigervnc/pull/399

Thanks,

	-alan-

On 01/20/17 01:00 AM, Pierre Ossman wrote:
> This is a security update for TigerVNC 1.7.0 which fixes a memory overflow issue
> via the RRE decoder. A malicious server could possibly use this issue to take
> control of the TigerVNC viewer.
>
> Users are advised to upgrade as soon as possible.
>
> Binaries are available from bintray:
>
> https://bintray.com/tigervnc/stable/tigervnc/1.7.1
>
> Regards
> The TigerVNC Developers
>


-- 
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	 Oracle Solaris Engineering - http://blogs.oracle.com/alanc

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ