[Pkg-tigervnc-devel] Bug#859259: tigervnc: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396

Salvatore Bonaccorso carnil at debian.org
Sat Apr 1 10:17:53 UTC 2017


Source: tigervnc
Version: 1.7.0+dfsg-6
Severity: grave
Tags: patch security upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for tigervnc.

CVE-2017-7392[0]:
| In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx
| SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can
| cause a small memory leak in the server.

CVE-2017-7393[1]:
| In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an
| authenticated client can cause a double free, leading to denial of
| service or potentially code execution.

CVE-2017-7394[2]:
| In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg),
| unauthenticated users can crash the server by sending long usernames.

CVE-2017-7395[3]:
| In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by
| causing an integer overflow, an authenticated client can crash the
| server.

CVE-2017-7396[4]:
| In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an
| unauthenticated client can cause a small memory leak in the server.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7392
[1] https://security-tracker.debian.org/tracker/CVE-2017-7393
[2] https://security-tracker.debian.org/tracker/CVE-2017-7394
[3] https://security-tracker.debian.org/tracker/CVE-2017-7395
[4] https://security-tracker.debian.org/tracker/CVE-2017-7396

Regards,
Salvatore



More information about the Pkg-tigervnc-devel mailing list