ALAS-2015-623


Amazon Linux AMI Security Advisory: ALAS-2015-623
Advisory Release Date: 2015-12-13 14:23 Pacific
Severity: Medium

Issue Overview:

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client.

A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash.


Affected Packages:

tigervnc


Issue Correction:
Run yum update tigervnc to update your system.

New Packages:
i686:
    tigervnc-debuginfo-1.3.1-3.31.amzn1.i686
    tigervnc-server-1.3.1-3.31.amzn1.i686
    tigervnc-server-module-1.3.1-3.31.amzn1.i686
    tigervnc-1.3.1-3.31.amzn1.i686

src:
    tigervnc-1.3.1-3.31.amzn1.src

x86_64:
    tigervnc-server-module-1.3.1-3.31.amzn1.x86_64
    tigervnc-server-1.3.1-3.31.amzn1.x86_64
    tigervnc-debuginfo-1.3.1-3.31.amzn1.x86_64
    tigervnc-1.3.1-3.31.amzn1.x86_64