RHEL 7 : gtk-vnc (RHSA-2017:2258)
High Nessus Plugin ID 102153
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for gtk-vnc is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded.
The following packages have been upgraded to a later upstream version:
gtk-vnc (0.7.0). (BZ#1416783)
Security Fix(es) :
* It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5884)
* An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5885)
Additional Changes :
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
SolutionUpdate the affected packages.