ELSA-2017-0630 -- Oracle tigervncID: oval:org.secpod.oval:def:1501811 | Date: (C)2017-03-31 (M)2023-07-28 |
Class: PATCH | Family: unix |
Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervnc packages contain a client which allows users to connect to other desktops running a VNC server. Security Fix: * A denial of service flaw was found in the TigerVNC"s Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. * A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service.