Date: Thu, 2 Feb 2017 14:11:56 +0100 From: Matthias Gerstner <mgerstner@...e.de> To: oss-security@...ts.openwall.com Subject: CVE request tigervnc: vnc server can crash when TLS handshake terminates early Hello, the Xvnc server from tigervnc can crash when a client terminates a TLS connection early. This is due to invalid initialization/deinitialization order of the GnuTLS library. Upstream commit: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649 Reference: https://bugzilla.suse.com/show_bug.cgi?id=1023012 This issue was reported/found by Ruediger Meier, Michal Srb (SUSE Linux). -- Matthias Gerstner <matthias.gerstner@...e.de> Dipl.-Wirtsch.-Inf. (FH), Security Engineer https://www.suse.com/security Telefon: +49 911 740 53 290 SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nuernberg) Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.