MGASA-2020-0042 - Updated tigervnc packages fix security vulnerabilities

Publication date: 19 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0042.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-15691,
     CVE-2019-15692,
     CVE-2019-15693,
     CVE-2019-15694,
     CVE-2019-15695

Updated tigervnc packages fix security vulnerabilities:

The tigervnc package has been updated to version 1.10.1 to fix multiple
unspecified security issues. These issues affect both the client and server
and could theoretically allow an malicious peer to take control over the
software on the other side. No working exploit is known at this time, and
the issues require the peer to first be authenticated (CVE-2019-15691,
CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25917
- https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1
- https://www.openwall.com/lists/oss-security/2019/12/20/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15692
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15693
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15695

SRPMS:
- 7/core/tigervnc-1.10.1-1.mga7