ALAS-2015-576


Amazon Linux AMI Security Advisory: ALAS-2015-576
Advisory Release Date: 2015-08-04 17:48 Pacific
Severity: Medium
References: CVE-2014-0011 

Issue Overview:

A heap-based buffer overflow was found in the way vncviewer rendered certain screen images from a vnc server. If a user could be tricked into connecting to a malicious vnc server, it may cause the vncviewer to crash, or could possibly execute arbitrary code with the permissions of the user running it.


Affected Packages:

tigervnc


Issue Correction:
Run yum update tigervnc to update your system.

New Packages:
i686:
    tigervnc-debuginfo-1.3.0-7.23.amzn1.i686
    tigervnc-server-module-1.3.0-7.23.amzn1.i686
    tigervnc-server-1.3.0-7.23.amzn1.i686
    tigervnc-1.3.0-7.23.amzn1.i686

src:
    tigervnc-1.3.0-7.23.amzn1.src

x86_64:
    tigervnc-server-module-1.3.0-7.23.amzn1.x86_64
    tigervnc-1.3.0-7.23.amzn1.x86_64
    tigervnc-server-1.3.0-7.23.amzn1.x86_64
    tigervnc-debuginfo-1.3.0-7.23.amzn1.x86_64