
ELSA-2013-0169 -- Oracle vino

ID: oval:org.secpod.oval:def:1500072
Date: (C)2013-03-20   (M)2022-10-10
Class: PATCH
Family: unix




An updated vino package that fixes several security issues is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Vino is a Virtual Network Computing server for GNOME. It allows remote users to connect to a running GNOME session using VNC.

It was found that Vino transmitted all clipboard activity on the system running Vino to all clients connected to port 5900, even those who had not authenticated. A remote attacker who is able to access port 5900 on a system running Vino could use this flaw to read clipboard data without authenticating.

Two out-of-bounds memory read flaws were found in the way Vino processed client framebuffer requests in certain encodings. An authenticated client could use these flaws to send a specially-crafted request to Vino, causing it to crash.

In certain circumstances, the vino-preferences dialog box incorrectly indicated that Vino was only accessible from the local network. This could confuse a user into believing connections from external networks are not allowed. With this update, vino-preferences no longer displays connectivity and reachable information.

There was no warning that Universal Plug and Play was used to open ports on a user's network router when the "Configure network automatically to accept connections" option was enabled in the Vino preferences. This update changes the option's description to avoid the risk of a UPnP router configuration change without the user's consent.

All Vino users should upgrade to this updated package, which contains backported patches to resolve these issues. The GNOME session must be restarted for this update to take effect.

Platform:
Oracle Linux 6
Product:
vino
Reference:
ELSA-2013-0169
CVE-2011-1165
CVE-2011-0904
CVE-2012-4429
CVE-2011-1164
CVE-2011-0905
CPE:
cpe:/a:vino:vino
cpe:/o:oracle:linux:6

© SecPod Technologies