-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: tigervnc and fltk security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2000-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2000
Issue date:        2017-08-01
CVE Names:         CVE-2016-10207 CVE-2017-5581 CVE-2017-7392
                   CVE-2017-7393 CVE-2017-7394 CVE-2017-7395
                   CVE-2017-7396
=====================================================================

1. Summary:

An update for tigervnc and fltk is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Virtual Network Computing (VNC) is a remote display system which allows
users to view a computing desktop environment not only on the machine where
it is running, but from anywhere on the Internet and from a wide variety of
machine architectures. TigerVNC is a suite of VNC servers and clients which
allows users to connect to other desktops running a VNC server.

FLTK (pronounced "fulltick") is a cross-platform C++ GUI toolkit. It
provides modern GUI functionality without the bloat, and supports 3D
graphics via OpenGL and its built-in GLUT emulation.

The following packages have been upgraded to a later upstream version:
tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598)

Security Fix(es):

* A denial of service flaw was found in TigerVNC's Xvnc server. A remote
unauthenticated attacker could use this flaw to make Xvnc crash by
terminating the TLS handshake process early. (CVE-2016-10207)

* A double free flaw was found in the way TigerVNC handled ClientFence
messages. A remote, authenticated attacker could use this flaw to make Xvnc
crash by sending specially crafted ClientFence messages, resulting in
denial of service. (CVE-2017-7393)

* A missing input sanitization flaw was found in the way TigerVNC handled
credentials. A remote unauthenticated attacker could use this flaw to make
Xvnc crash by sending specially crafted usernames, resulting in denial of
service. (CVE-2017-7394)

* An integer overflow flaw was found in the way TigerVNC handled
ClientCutText messages. A remote, authenticated attacker could use this
flaw to make Xvnc crash by sending specially crafted ClientCutText
messages, resulting in denial of service. (CVE-2017-7395)

* A buffer overflow flaw, leading to memory corruption, was found in the
TigerVNC viewer. A remote malicious VNC server could use this flaw to crash
the client vncviewer process, resulting in denial of service.
(CVE-2017-5581)

* A memory leak flaw was found in the way TigerVNC handled termination of
VeNCrypt connections. A remote unauthenticated attacker could repeatedly
send connection requests to the Xvnc server, causing it to consume large
amounts of memory resources over time, and ultimately leading to a denial
of service due to memory exhaustion. (CVE-2017-7392)

* A memory leak flaw was found in the way TigerVNC handled client
connections. A remote unauthenticated attacker could repeatedly send
connection requests to the Xvnc server, causing it to consume large amounts
of memory resources over time, and ultimately leading to a denial of
service due to memory exhaustion. (CVE-2017-7396)

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1343899 - Disabling vncconfig window
1358090 - shared memory leakage in vncviewer
1388620 - [REBASE] Tigervnc from 1.3 to 1.8
1393971 - [RFE] systemd unit for Xvnc (not vncserver)
1410164 - tigervnc-server fails to remove /tmp files if not gracefully shut down
1413598 - [REBASE] Update fltk to 1.3.4 for tigervnc
1415547 - Rebuilding tigervnc SRPM stops at applying Patch101
1415712 - CVE-2017-5581 tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect
1418761 - CVE-2016-10207 tigervnc: VNC server can crash when TLS handshake terminates early
1438694 - CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak
1438697 - CVE-2017-7393 tigervnc: Double free via crafted fences
1438700 - CVE-2017-7394 tigervnc: Server crash via long usernames
1438701 - CVE-2017-7395 tigervnc: Integer overflow in SMsgReader::readClientCutText
1438703 - CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory leaks

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
fltk-1.3.4-1.el7.src.rpm
tigervnc-1.8.0-1.el7.src.rpm

noarch:
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-license-1.8.0-1.el7.noarch.rpm

x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm

x86_64:
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
tigervnc-1.8.0-1.el7.src.rpm

noarch:
tigervnc-license-1.8.0-1.el7.noarch.rpm

x86_64:
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
fltk-1.3.4-1.el7.src.rpm

noarch:
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm

x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
fltk-1.3.4-1.el7.src.rpm
tigervnc-1.8.0-1.el7.src.rpm

aarch64:
fltk-1.3.4-1.el7.aarch64.rpm
fltk-debuginfo-1.3.4-1.el7.aarch64.rpm
tigervnc-1.8.0-1.el7.aarch64.rpm
tigervnc-debuginfo-1.8.0-1.el7.aarch64.rpm
tigervnc-server-1.8.0-1.el7.aarch64.rpm
tigervnc-server-minimal-1.8.0-1.el7.aarch64.rpm

noarch:
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-license-1.8.0-1.el7.noarch.rpm

ppc64:
fltk-1.3.4-1.el7.ppc.rpm
fltk-1.3.4-1.el7.ppc64.rpm
fltk-debuginfo-1.3.4-1.el7.ppc.rpm
fltk-debuginfo-1.3.4-1.el7.ppc64.rpm
tigervnc-1.8.0-1.el7.ppc64.rpm
tigervnc-debuginfo-1.8.0-1.el7.ppc64.rpm
tigervnc-server-1.8.0-1.el7.ppc64.rpm
tigervnc-server-minimal-1.8.0-1.el7.ppc64.rpm

ppc64le:
fltk-1.3.4-1.el7.ppc64le.rpm
fltk-debuginfo-1.3.4-1.el7.ppc64le.rpm
tigervnc-1.8.0-1.el7.ppc64le.rpm
tigervnc-debuginfo-1.8.0-1.el7.ppc64le.rpm
tigervnc-server-1.8.0-1.el7.ppc64le.rpm
tigervnc-server-minimal-1.8.0-1.el7.ppc64le.rpm

s390x:
fltk-1.3.4-1.el7.s390.rpm
fltk-1.3.4-1.el7.s390x.rpm
fltk-debuginfo-1.3.4-1.el7.s390.rpm
fltk-debuginfo-1.3.4-1.el7.s390x.rpm
tigervnc-1.8.0-1.el7.s390x.rpm
tigervnc-debuginfo-1.8.0-1.el7.s390x.rpm
tigervnc-server-1.8.0-1.el7.s390x.rpm
tigervnc-server-minimal-1.8.0-1.el7.s390x.rpm

x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

aarch64:
fltk-debuginfo-1.3.4-1.el7.aarch64.rpm
fltk-devel-1.3.4-1.el7.aarch64.rpm
fltk-fluid-1.3.4-1.el7.aarch64.rpm
fltk-static-1.3.4-1.el7.aarch64.rpm
tigervnc-debuginfo-1.8.0-1.el7.aarch64.rpm
tigervnc-server-module-1.8.0-1.el7.aarch64.rpm

noarch:
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm

ppc64:
fltk-debuginfo-1.3.4-1.el7.ppc.rpm
fltk-debuginfo-1.3.4-1.el7.ppc64.rpm
fltk-devel-1.3.4-1.el7.ppc.rpm
fltk-devel-1.3.4-1.el7.ppc64.rpm
fltk-fluid-1.3.4-1.el7.ppc64.rpm
fltk-static-1.3.4-1.el7.ppc.rpm
fltk-static-1.3.4-1.el7.ppc64.rpm
tigervnc-debuginfo-1.8.0-1.el7.ppc64.rpm
tigervnc-server-module-1.8.0-1.el7.ppc64.rpm

ppc64le:
fltk-debuginfo-1.3.4-1.el7.ppc64le.rpm
fltk-devel-1.3.4-1.el7.ppc64le.rpm
fltk-fluid-1.3.4-1.el7.ppc64le.rpm
fltk-static-1.3.4-1.el7.ppc64le.rpm
tigervnc-debuginfo-1.8.0-1.el7.ppc64le.rpm
tigervnc-server-module-1.8.0-1.el7.ppc64le.rpm

s390x:
fltk-debuginfo-1.3.4-1.el7.s390.rpm
fltk-debuginfo-1.3.4-1.el7.s390x.rpm
fltk-devel-1.3.4-1.el7.s390.rpm
fltk-devel-1.3.4-1.el7.s390x.rpm
fltk-fluid-1.3.4-1.el7.s390x.rpm
fltk-static-1.3.4-1.el7.s390.rpm
fltk-static-1.3.4-1.el7.s390x.rpm

x86_64:
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
fltk-1.3.4-1.el7.src.rpm
tigervnc-1.8.0-1.el7.src.rpm

noarch:
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-license-1.8.0-1.el7.noarch.rpm

x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm

x86_64:
fltk-debuginfo-1.3.4-1.el7.i686.rpm
fltk-debuginfo-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-10207
https://access.redhat.com/security/cve/CVE-2017-5581
https://access.redhat.com/security/cve/CVE-2017-7392
https://access.redhat.com/security/cve/CVE-2017-7393
https://access.redhat.com/security/cve/CVE-2017-7394
https://access.redhat.com/security/cve/CVE-2017-7395
https://access.redhat.com/security/cve/CVE-2017-7396
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgOqaXlSAg2UNWIIRAp/cAJ9F1dYdqxlJTpzsV9KUEKK67xq6LwCfUVqb
gW2q/s8OKDowmUL3FPH2fKo=
=0uca
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
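A post-advisory check, added here and not part of the advisory or of Red Hat's tooling: it compares installed tigervnc and fltk builds against the fixed version-release strings from the package list above, using an rpm-style version comparison (numeric segments compare numerically, alpha segments lexically, numeric beats alpha, and a '~' segment sorts oldest). The `rpm -q` output embedded below is constructed for illustration, and the fixed builds are assumed to carry no epoch, as in the advisory's package names.

```python
import re

# Fixed version-release per package, from the advisory's package list (RHSA-2017:2000).
FIXED = {"tigervnc": "1.8.0-1.el7", "tigervnc-server": "1.8.0-1.el7",
         "tigervnc-server-minimal": "1.8.0-1.el7", "fltk": "1.3.4-1.el7"}
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")   # separators such as '.' and '_' are skipped

def rpmvercmp(a: str, b: str) -> int:
    """rpm-style compare of version or release strings: numeric segments compare
    numerically, alpha lexically, numeric beats alpha, '~' sorts oldest. -1/0/1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if "~" in (x, y):
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    # a '~' as the next segment of the longer string makes it the older one (1.8.0~rc1 < 1.8.0)
    return -sign if longer[min(len(sa), len(sb))] == "~" else sign

def split_evr(evr: str):
    """'1.8.0-1.el7' or '1:1.8.0-1.el7' -> (epoch, version, release)."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.rpartition("-")
    return epoch or "0", version, release

def is_fixed(package: str, installed: str) -> bool:
    """True when the installed build is at or above the advisory's fixed build."""
    for x, y in zip(split_evr(installed), split_evr(FIXED[package])):
        c = rpmvercmp(x, y)
        if c:
            return c > 0
    return True

# Constructed sample of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkgs>` output.
SAMPLE_RPM_Q = "tigervnc-server 1.3.1-9.el7\nfltk 1.3.4-1.el7\ntigervnc 1.8.0-1.el7\n"

def audit(rpm_q_output: str) -> dict:
    """Map each advisory package found in the output to fixed (True) or not (False)."""
    pairs = (ln.split() for ln in rpm_q_output.splitlines() if ln.strip())
    return {n: is_fixed(n, vr) for n, vr in pairs if n in FIXED}
```

On a real host, feed `audit()` the output of the `rpm -q` query shown in the comment; any package mapped to False has not received this update.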