ALAS-2015-623

Related Vulnerabilities: CVE-2014-8240   CVE-2014-8241  



Amazon Linux AMI Security Advisory: ALAS-2015-623
Advisory Release Date: 2015-12-14 10:00 Pacific
Advisory Updated Date: 2015-12-13 14:23 Pacific
Severity: Medium

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.
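As an added illustration (not TigerVNC's own code), the bug pattern the advisory describes and a checked version of it: a VNC client computes its framebuffer size from a screen geometry the server sends, so the width, height and bytes-per-pixel are untrusted input. The function names, the size cap and the use of `__builtin_mul_overflow` (GCC/Clang) are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern: width * height * bpp is computed in 32 bits, so a
 * large server-supplied geometry wraps and malloc() gets a buffer far
 * smaller than the pixel data that later lands in it (heap overflow). */
uint32_t fb_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp) {
    return width * height * bpp;   /* 65536 x 65536 x 4 wraps to 0 */
}

/* Assumed policy cap on the framebuffer; not a protocol value. */
#define MAX_FB_BYTES ((size_t)512 * 1024 * 1024)

/* Hardened version: reject zero or absurd values, detect multiplication
 * overflow explicitly, and apply a sanity cap before allocating.
 * Returns 0 and sets *out on success, -1 if the geometry is rejected. */
int fb_size_checked(uint32_t width, uint32_t height, uint32_t bpp, size_t *out) {
    size_t pixels, bytes;
    if (width == 0 || height == 0 || bpp == 0 || bpp > 4)
        return -1;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &pixels))
        return -1;
    if (__builtin_mul_overflow(pixels, (size_t)bpp, &bytes))
        return -1;
    if (bytes > MAX_FB_BYTES)
        return -1;
    *out = bytes;
    return 0;
}

/* Simulates handling a server desktop-size update with the checked path:
 * returns 1 if the client accepts the geometry and allocates, 0 if it
 * rejects it instead of allocating an undersized buffer. */
int handle_desktop_size(uint32_t width, uint32_t height, uint32_t bpp) {
    size_t need;
    if (fb_size_checked(width, height, bpp, &need) != 0)
        return 0;
    uint8_t *fb = malloc(need);
    if (fb == NULL)
        return 0;
    memset(fb, 0, need);   /* safe: need matches the allocation exactly */
    free(fb);
    return 1;
}
```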

A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash.


Affected Packages:

tigervnc


Issue Correction:
Run yum update tigervnc to update your system.

New Packages:
i686:
    tigervnc-debuginfo-1.3.1-3.31.amzn1.i686
    tigervnc-server-1.3.1-3.31.amzn1.i686
    tigervnc-server-module-1.3.1-3.31.amzn1.i686
    tigervnc-1.3.1-3.31.amzn1.i686

src:
    tigervnc-1.3.1-3.31.amzn1.src

x86_64:
    tigervnc-server-module-1.3.1-3.31.amzn1.x86_64
    tigervnc-server-1.3.1-3.31.amzn1.x86_64
    tigervnc-debuginfo-1.3.1-3.31.amzn1.x86_64
    tigervnc-1.3.1-3.31.amzn1.x86_64