This script is Copyright (C) 2017 Tenable Network Security, Inc.

The remote Red Hat host is missing one or more security updates.

An update for gtk-vnc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc
widget is built by using co-routines, which allows the widget to be
completely asynchronous while remaining single-threaded.

The following packages have been upgraded to a later upstream version:
gtk-vnc (0.7.0). (BZ#1416783)

Security Fix(es) :

* It was found that gtk-vnc lacked proper bounds checking while
  processing messages using RRE, hextile, or copyrect encodings. A
  remote malicious VNC server could use this flaw to crash VNC viewers
  which are based on the gtk-vnc library. (CVE-2017-5884)

* An integer overflow flaw was found in gtk-vnc. A remote malicious
  VNC server could use this flaw to crash VNC viewers which are based on
  the gtk-vnc library. (CVE-2017-5885)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

See also :

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.8
Public Exploit Available : true