ALAS-2017-879


Amazon Linux AMI Security Advisory: ALAS-2017-879
Advisory Release Date: 2017-08-31 15:56 Pacific
Advisory Updated Date: 2017-08-31 23:05 Pacific
Severity: Medium

Issue Overview:

Buffer overflow in ModifiablePixelBuffer::fillRect
A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)

VNC server can crash when TLS handshake terminates early:
A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)

SSecurityVeNCrypt memory leak:
A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392)

Double free via crafted fences:
A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393)

Server crash via long usernames:
A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394)

Integer overflow in SMsgReader::readClientCutText:
An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395)

SecurityServer and ClientServer memory leaks:
A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396)


Affected Packages:

tigervnc


Issue Correction:
Run yum update tigervnc to update your system.

New Packages:
i686:
    tigervnc-debuginfo-1.8.0-1.32.amzn1.i686
    tigervnc-server-module-1.8.0-1.32.amzn1.i686
    tigervnc-server-1.8.0-1.32.amzn1.i686
    tigervnc-1.8.0-1.32.amzn1.i686

src:
    tigervnc-1.8.0-1.32.amzn1.src

x86_64:
    tigervnc-1.8.0-1.32.amzn1.x86_64
    tigervnc-server-module-1.8.0-1.32.amzn1.x86_64
    tigervnc-server-1.8.0-1.32.amzn1.x86_64
    tigervnc-debuginfo-1.8.0-1.32.amzn1.x86_64