Red Hat Local Security Checks : RedHat Update for tigervnc and fltk RHSA-2017:2000-01

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.871851

Categoría: Red Hat Local Security Checks

Título: RedHat Update for tigervnc and fltk RHSA-2017:2000-01

Resumen: The remote host is missing an update for the 'tigervnc and fltk'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'tigervnc and fltk'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Virtual Network Computing (VNC) is a remote
display system which allows users to view a computing desktop environment not
only on the machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. TigerVNC is a suite of VNC servers
and clients which allows users to connect to other desktops running a VNC
server. FLTK (pronounced 'fulltick') is a cross-platform C++ GUI toolkit. It
provides modern GUI functionality without the bloat, and supports 3D graphics
via OpenGL and its built-in GLUT emulation. The following packages have been
upgraded to a later upstream version: tigervnc (1.8.0), fltk (1.3.4).
(BZ#1388620, BZ#1413598) Security Fix(es): * A denial of service flaw was found
in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this
flaw to make Xvnc crash by terminating the TLS handshake process early.
(CVE-2016-10207) * A double free flaw was found in the way TigerVNC handled
ClientFence messages. A remote, authenticated attacker could use this flaw to
make Xvnc crash by sending specially crafted ClientFence messages, resulting in
denial of service. (CVE-2017-7393) * A missing input sanitization flaw was found
in the way TigerVNC handled credentials. A remote unauthenticated attacker could
use this flaw to make Xvnc crash by sending specially crafted usernames,
resulting in denial of service. (CVE-2017-7394) * An integer overflow flaw was
found in the way TigerVNC handled ClientCutText messages. A remote,
authenticated attacker could use this flaw to make Xvnc crash by sending
specially crafted ClientCutText messages, resulting in denial of service.
(CVE-2017-7395) * A buffer overflow flaw, leading to memory corruption, was
found in TigerVNC viewer. A remote malicious VNC server could use this flaw to
crash the client vncviewer process resulting in denial of service.
(CVE-2017-5581) * A memory leak flaw was found in the way TigerVNC handled
termination of VeNCrypt connections. A remote unauthenticated attacker could
repeatedly send connection requests to the Xvnc server, causing it to consume
large amounts of memory resources over time, and ultimately leading to a denial
of service due to memory exhaustion. (CVE-2017-7392) * A memory leak flaw was
found in the way TigerVNC handled client connections. A remote unauthenticated
attacker could repeatedly send connection requests to the Xvnc server, causing
it to consume large amounts of memory resources over time, and ultimately
leading to a denial of service due to memory exhaustion. (CVE-2017-7396)
Additional Changes: For detailed information on changes in this release, see the
Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
tigervnc and fltk on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-10207
BugTraq ID: 96012
http://www.securityfocus.com/bid/96012
https://security.gentoo.org/glsa/201801-13
http://www.openwall.com/lists/oss-security/2017/02/02/22
http://www.openwall.com/lists/oss-security/2017/02/05/2
RedHat Security Advisories: RHSA-2017:0630
http://rhn.redhat.com/errata/RHSA-2017-0630.html
RedHat Security Advisories: RHSA-2017:2000
https://access.redhat.com/errata/RHSA-2017:2000
SuSE Security Announcement: openSUSE-SU-2017:0444 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html
Common Vulnerability Exposure (CVE) ID: CVE-2017-5581
BugTraq ID: 95789
http://www.securityfocus.com/bid/95789
https://security.gentoo.org/glsa/201702-19
http://www.openwall.com/lists/oss-security/2017/01/22/1
http://www.openwall.com/lists/oss-security/2017/01/25/6
Common Vulnerability Exposure (CVE) ID: CVE-2017-7392
BugTraq ID: 97305
http://www.securityfocus.com/bid/97305
Common Vulnerability Exposure (CVE) ID: CVE-2017-7393
Common Vulnerability Exposure (CVE) ID: CVE-2017-7394
Common Vulnerability Exposure (CVE) ID: CVE-2017-7395
Common Vulnerability Exposure (CVE) ID: CVE-2017-7396

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.871851
Categoría:	Red Hat Local Security Checks
Título:	RedHat Update for tigervnc and fltk RHSA-2017:2000-01
Resumen:	The remote host is missing an update for the 'tigervnc and fltk'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'tigervnc and fltk' package(s) announced via the referenced advisory. Vulnerability Insight: Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients which allows users to connect to other desktops running a VNC server. FLTK (pronounced 'fulltick') is a cross-platform C++ GUI toolkit. It provides modern GUI functionality without the bloat, and supports 3D graphics via OpenGL and its built-in GLUT emulation. The following packages have been upgraded to a later upstream version: tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598) Security Fix(es): * A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207) * A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393) * A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394) * An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395) * A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581) * A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392) * A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section. Affected Software/OS: tigervnc and fltk on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10207 BugTraq ID: 96012 http://www.securityfocus.com/bid/96012 https://security.gentoo.org/glsa/201801-13 http://www.openwall.com/lists/oss-security/2017/02/02/22 http://www.openwall.com/lists/oss-security/2017/02/05/2 RedHat Security Advisories: RHSA-2017:0630 http://rhn.redhat.com/errata/RHSA-2017-0630.html RedHat Security Advisories: RHSA-2017:2000 https://access.redhat.com/errata/RHSA-2017:2000 SuSE Security Announcement: openSUSE-SU-2017:0444 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html Common Vulnerability Exposure (CVE) ID: CVE-2017-5581 BugTraq ID: 95789 http://www.securityfocus.com/bid/95789 https://security.gentoo.org/glsa/201702-19 http://www.openwall.com/lists/oss-security/2017/01/22/1 http://www.openwall.com/lists/oss-security/2017/01/25/6 Common Vulnerability Exposure (CVE) ID: CVE-2017-7392 BugTraq ID: 97305 http://www.securityfocus.com/bid/97305 Common Vulnerability Exposure (CVE) ID: CVE-2017-7393 Common Vulnerability Exposure (CVE) ID: CVE-2017-7394 Common Vulnerability Exposure (CVE) ID: CVE-2017-7395 Common Vulnerability Exposure (CVE) ID: CVE-2017-7396
Copyright	Copyright (C) 2017 Greenbone AG