Amazon Linux 1 Security Advisory: ALAS-2015-576
Advisory Release Date: 2015-08-04 17:16 Pacific
Advisory Updated Date: 2015-08-04 17:48 Pacific
A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.
Affected Packages:
tigervnc
Issue Correction:
Run yum update tigervnc to update your system.
i686:
tigervnc-debuginfo-1.3.0-7.23.amzn1.i686
tigervnc-server-module-1.3.0-7.23.amzn1.i686
tigervnc-server-1.3.0-7.23.amzn1.i686
tigervnc-1.3.0-7.23.amzn1.i686
src:
tigervnc-1.3.0-7.23.amzn1.src
x86_64:
tigervnc-server-module-1.3.0-7.23.amzn1.x86_64
tigervnc-1.3.0-7.23.amzn1.x86_64
tigervnc-server-1.3.0-7.23.amzn1.x86_64
tigervnc-debuginfo-1.3.0-7.23.amzn1.x86_64