
gtk-vnc: two vulnerabilities

Package(s): gtk-vnc
CVE #(s): CVE-2017-5884 CVE-2017-5885
Created: February 10, 2017
Updated: February 21, 2017
Description: From the Red Hat bugzilla entry for CVE-2017-5884:

It was found that gtk-vnc does not properly check boundaries of subrectangle-containing tiles. A malicious server can use this to overwrite parts of the client memory, potentially leading to code execution under privileges of the user running the VNC client.

From the Red Hat bugzilla entry for CVE-2017-5885:

It was found that vnc_connection_server_message() and vnc_color_map_set() functions do not check for integer overflow properly, leading to a malicious server being able to overwrite parts of the client memory, possibly leading to remote code execution under privileges of user running the VNC client.

Alerts:
Ubuntu USN-3203-1 gtk-vnc 2017-02-20
Debian-LTS DLA-831-1 gtk-vnc 2017-02-20
Mageia MGASA-2017-0057 gtk-vnc 2017-02-20
Fedora FEDORA-2017-ab04a91edd gtk-vnc 2017-02-10
