CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 86.8%

CentOS Errata and Security Advisory CESA-2015:2233

Virtual Network Computing (VNC) is a remote display system which allows
users to view a computing desktop environment not only on the machine where
it is running, but from anywhere on the Internet and from a wide variety of
machine architectures. TigerVNC is a suite of VNC servers and clients.
The tigervnc packages contain a client which allows users to connect to
other desktops running a VNC server.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way TigerVNC handled screen sizes. A malicious VNC server
could use this flaw to cause a client to crash or, potentially, execute
arbitrary code on the client. (CVE-2014-8240)

A NULL pointer dereference flaw was found in TigerVNC’s XRegion.
A malicious VNC server could use this flaw to cause a client to crash.
(CVE-2014-8241)

The tigervnc packages have been upgraded to upstream version 1.3.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1199453)

This update also fixes the following bug:

All tigervnc users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-November/028914.html

Affected packages:
tigervnc
tigervnc-icons
tigervnc-license
tigervnc-server
tigervnc-server-applet
tigervnc-server-minimal
tigervnc-server-module

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2233

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | tigervnc | < 1.3.1-3.el7 | tigervnc-1.3.1-3.el7.x86_64.rpm |
CentOS | 7 | noarch | tigervnc-icons | < 1.3.1-3.el7 | tigervnc-icons-1.3.1-3.el7.noarch.rpm |
CentOS | 7 | noarch | tigervnc-license | < 1.3.1-3.el7 | tigervnc-license-1.3.1-3.el7.noarch.rpm |
CentOS | 7 | x86_64 | tigervnc-server | < 1.3.1-3.el7 | tigervnc-server-1.3.1-3.el7.x86_64.rpm |
CentOS | 7 | noarch | tigervnc-server-applet | < 1.3.1-3.el7 | tigervnc-server-applet-1.3.1-3.el7.noarch.rpm |
CentOS | 7 | x86_64 | tigervnc-server-minimal | < 1.3.1-3.el7 | tigervnc-server-minimal-1.3.1-3.el7.x86_64.rpm |
CentOS | 7 | x86_64 | tigervnc-server-module | < 1.3.1-3.el7 | tigervnc-server-module-1.3.1-3.el7.x86_64.rpm |
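
The following Python check flags installed builds of the affected packages that predate the fixed build 1.3.1-3.el7 from the table above, using a simplified reimplementation of RPM's version ordering. It is an added example, not part of the advisory or of any CentOS tooling; the function names and the sample inventory are constructed, and it assumes version strings without an epoch, `~` or `^`.

```python
import re

# Fixed version-release and package names, taken from the advisory's table.
FIXED = "1.3.1-3.el7"
AFFECTED = {"tigervnc", "tigervnc-icons", "tigervnc-license", "tigervnc-server",
            "tigervnc-server-applet", "tigervnc-server-minimal",
            "tigervnc-server-module"}

def _segments(s):
    # RPM compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no '~' or '^' handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run sorts above an alpha run
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def vulnerable(rpm_lines):
    """Return affected package names whose installed build predates FIXED."""
    hits = []
    for line in rpm_lines:
        name, evr = line.split()
        if name in AFFECTED and evr_cmp(evr, FIXED) < 0:
            hits.append(name)
    return hits

# Constructed inventory, in the format produced by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = [
    "tigervnc 1.2.80-0.30.el7",             # older upstream version
    "tigervnc-server 1.3.1-2.el7",          # same version, older release
    "tigervnc-icons 1.3.0-10.el7",          # older version, higher release
    "tigervnc-server-minimal 1.3.1-3.el7",  # exactly the fixed build
    "tigervnc-license 1.3.1-10.el7",        # newer release (10 > 3 numerically)
    "openssh 6.6.1p1-22.el7",               # not covered by this advisory
]

if __name__ == "__main__":
    print(vulnerable(SAMPLE))
```
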