RedHat has issued an advisory on November 19:
https://rhn.redhat.com/errata/RHSA-2015-2233.html

All the changes they made should be of interest:
https://git.centos.org/commit/rpms!tigervnc.git/refs!heads!c7

For Cauldron, we'll also need the xserver 1.18 patch from Fedora:
https://git.centos.org/commit/rpms!tigervnc.git/refs!heads!c7

Mageia 5 is also affected.
(In reply to David Walser from comment #0)
> For Cauldron, we'll also need the xserver 1.18 patch from Fedora:
> https://git.centos.org/commit/rpms!tigervnc.git/refs!heads!c7

Should have been:
http://pkgs.fedoraproject.org/cgit/tigervnc.git/log/?h=f23

But that's already been done.
Patched packages uploaded for Mageia 5 and Cauldron.

Looking at the patches, 8240 is about the server sending invalid screen sizes and 8241 is about the server doing something that would cause Xmalloc calls to fail (and the code was missing checks for Xmalloc failing) resulting in the NULL dereference.

Advisory:
========================

Updated tigervnc packages fix security vulnerabilities:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client (CVE-2014-8240).

A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash (CVE-2014-8241).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8241
https://rhn.redhat.com/errata/RHSA-2015-2233.html
========================

Updated packages in core/updates_testing:
========================
tigervnc-1.3.1-6.1.mga5
tigervnc-server-1.3.1-6.1.mga5
tigervnc-server-module-1.3.1-6.1.mga5
tigervnc-java-1.3.1-6.1.mga5

from tigervnc-1.3.1-6.1.mga5.src.rpm
Version: Cauldron => 5
Assignee: bugsquad => qa-bugs
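The two bug classes named in the comment above (a size computed from peer-supplied screen dimensions that overflows, and an allocation result used without a failure check), shown as an added C example. This is not TigerVNC's code or the actual patches; the function names and the `MAX_DIM` and `MAX_BPP` limits are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DIM 16384u /* assumed sanity bound on a screen dimension */
#define MAX_BPP 4u     /* assumed maximum bytes per pixel */

/* Unchecked 32-bit arithmetic: the product silently wraps. */
uint32_t unchecked_fb_size32(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Returns 0 and stores w*h*bpp in *out, or -1 if the peer-supplied
 * values are out of range or the product would not fit in size_t. */
int checked_fb_size(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (w > MAX_DIM || h > MAX_DIM || bpp > MAX_BPP)
        return -1;
    if ((size_t)w > SIZE_MAX / h)
        return -1;
    size_t pixels = (size_t)w * h;
    if (pixels > SIZE_MAX / bpp)
        return -1;
    *out = pixels * bpp;
    return 0;
}

/* Returns a zeroed buffer, or NULL on a rejected size or failed allocation. */
uint8_t *alloc_framebuffer(uint32_t w, uint32_t h, uint32_t bpp, size_t *size_out)
{
    size_t size;
    if (checked_fb_size(w, h, bpp, &size) != 0)
        return NULL;
    uint8_t *fb = calloc(1, size);
    if (fb == NULL) /* allocation failure is reported, never dereferenced */
        return NULL;
    *size_out = size;
    return fb;
}

int main(void)
{
    /* Constructed input: oversized dimensions as a peer might announce them. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_fb_size32(0x10000, 0x10001, 4));
    size_t n;
    printf("checked: %d\n", checked_fb_size(0x10000, 0x10001, 4, &n));
    return 0;
}
```

With the constructed dimensions, the unchecked product wraps to a small buffer size while the checked path rejects the request before any allocation happens.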
MGA5-32 on Acer D620 Xfce

No installation issues.

Followed test instructions as per bug 13082 Comment 9.
I could start vncserver and vncviewer on a separate workspace. IceWM runs and I could start Kpatience in it.
CC: (none) => herman.viaene
Whiteboard: (none) => has_procedure MGA5-32-OK
Validating. Advisory uploaded.

Please push to 5 updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA5-32-OK => has_procedure advisory MGA5-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0459.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED