Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 4 Feb 2017 21:34:03 -0500
From: <cve-assign@...re.org>
To: <mgerstner@...e.de>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> the Xvnc server from tigervnc can crash when a client terminates a TLS
> connection early. This is due to invalid initialization/deinitialization
> order of the GnuTLS library.
> 
> Upstream commit:
> 
> https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649

>> Proper global init/deinit of GnuTLS 

> https://bugzilla.suse.com/show_bug.cgi?id=1023012

Use CVE-2016-10207.

The scope of this CVE does not include
https://bugzilla.suse.com/show_bug.cgi?id=1023012#c11

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYlo4DAAoJEHb/MwWLVhi25I8P/2B7bVNkmS9zQsDaRGvcAiuL
U84Xq5w9mhbN5yXoSxYwBXaIYrj6u/taDdjvBawg6qDVPEOGeKL/DpPLWRTF86PH
46UOEVnsSYqov03fTp111E21OTjfoqetvYe8ES/rz1SRvYB4hOHFlDqlKjYafXlm
Y97kXu8SaMiL5218a+smIpEM78nyu5b8IalQMh9yZpEdwr549gNQR8TmSBfb7e0C
EkIVRHSHTX4j7pjRCg0TmfvCohsaDQ7kiXPFhUN+lqNwpr0porVh4hBH2wgwHult
OFBTIQ4DMCmXu9+mJX6RCQWq3/S0FqeRZ0NzFQlaSUZCGC6ouDRIyFizLJr4OnOb
cZNaiCWknBQ96ftg2qNVjuulPZuteCdt7J0WOsLNel/8YGM/ovqCZgcu0jL9Vv+g
5GCZSK6sUKCAv6yuBtwkAyccPv98nWvWVvjgBBvd/wZLPOEFfp07uV8k/Wz9NX/2
sghtxXv5k8/zsVuFhk5Ry0RyTKx2YGGraTgdzukRikE1ZqvUr99DjAqkALYhnXYc
9zxqZRkBU7AepN3K2T0sil8niPRUb54AUw3xfpzvbcQtOhx4IoTHNLES9CEliE9m
fAuvPL+18/UGZ72e9OwLMU1ET3vfEgeN+nbAhy+kmkM5S3d9FtNl22Gd44F3R/Pt
P/sdVfWREufsGbgVNeKA
=j2T3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ