Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 2 Feb 2017 14:11:56 +0100
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: CVE request tigervnc: vnc server can crash when TLS handshake
 terminates early

Hello,

the Xvnc server from tigervnc can crash when a client terminates a TLS
connection early. This is due to invalid initialization/deinitialization
order of the GnuTLS library.

Upstream commit:

https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649

Reference:

https://bugzilla.suse.com/show_bug.cgi?id=1023012

This issue was reported/found by Ruediger Meier, Michal Srb (SUSE
Linux).

-- 
Matthias Gerstner <matthias.gerstner@...e.de>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290

SUSE Linux GmbH 
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.