[Secure-testing-team] Bug#859259: tigervnc: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 1 10:17:53 UTC 2017
Source: tigervnc
Version: 1.7.0+dfsg-6
Severity: grave
Tags: patch security upstream
Justification: user security hole
Hi,
the following vulnerabilities were published for tigervnc.
CVE-2017-7392[0]:
| In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx
| SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can
| cause a small memory leak in the server.
CVE-2017-7393[1]:
| In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an
| authenticated client can cause a double free, leading to denial of
| service or potentially code execution.
CVE-2017-7394[2]:
| In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg),
| unauthenticated users can crash the server by sending long usernames.
CVE-2017-7395[3]:
| In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by
| causing an integer overflow, an authenticated client can crash the
| server.
CVE-2017-7396[4]:
| In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an
| unauthenticated client can cause a small memory leak in the server.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7392
[1] https://security-tracker.debian.org/tracker/CVE-2017-7393
[2] https://security-tracker.debian.org/tracker/CVE-2017-7394
[3] https://security-tracker.debian.org/tracker/CVE-2017-7395
[4] https://security-tracker.debian.org/tracker/CVE-2017-7396
Regards,
Salvatore
More information about the Secure-testing-team
mailing list