SciLinux: CVE-2008-4770 Moderate: vnc SL3.x, SL4.x, SL5.x i386/x86_64
Summary
Date: Wed, 11 Feb 2009 14:52:20 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Moderate: vnc on SL3.x, SL4.x, SL5.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"

Synopsis: Moderate: vnc security update
Issue date: 2009-02-11
CVE Names: CVE-2008-4770

An insufficient input validation flaw was discovered in the VNC client
application, vncviewer. If an attacker could convince a victim to
connect to a malicious VNC server, or when an attacker was able to
connect to vncviewer running in the "listen" mode, the attacker could
cause the victim's vncviewer to crash or, possibly, execute arbitrary
code. (CVE-2008-4770)

For the update to take effect, all running instances of vncviewer must
be restarted after the update is installed.

SL 3.0.x

 SRPMS:
vnc-4.0-0.beta4.1.8.src.rpm
 i386:
vnc-4.0-0.beta4.1.8.i386.rpm
vnc-server-4.0-0.beta4.1.8.i386.rpm
 x86_64:
vnc-4.0-0.beta4.1.8.x86_64.rpm
vnc-server-4.0-0.beta4.1.8.x86_64.rpm

SL 4.x

 SRPMS:
vnc-4.0-12.el4_7.1.src.rpm
 i386:
vnc-4.0-12.el4_7.1.i386.rpm
vnc-server-4.0-12.el4_7.1.i386.rpm
 x86_64:
vnc-4.0-12.el4_7.1.x86_64.rpm
vnc-server-4.0-12.el4_7.1.x86_64.rpm

SL 5.x

 SRPMS:
vnc-4.1.2-14.el5_3.1.src.rpm
 i386:
vnc-4.1.2-14.el5_3.1.i386.rpm
vnc-server-4.1.2-14.el5_3.1.i386.rpm
 x86_64:
vnc-4.1.2-14.el5_3.1.x86_64.rpm
vnc-server-4.1.2-14.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
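
Added example (not part of the original erratum): a way to audit an inventory of installed vnc packages against the fixed version-release strings listed above. The comparison is a simplified form of rpm's version ordering (no epoch, no "~" or "^" handling), and the inventory format, host names and function names are assumptions made for illustration.

```python
import re

# Fixed vnc VERSION-RELEASE per Scientific Linux major release, from the advisory.
FIXED = {
    "3": "4.0-0.beta4.1.8",
    "4": "4.0-12.el4_7.1",
    "5": "4.1.2-14.el5_3.1",
}

def _segments(s):
    # rpm compares runs of digits and runs of letters; everything else
    # ('.', '_', ...) only separates segments.
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpm version compare: returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two VERSION-RELEASE strings, version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def needs_update(sl_major, installed_vr):
    return vr_cmp(installed_vr, FIXED[sl_major]) < 0

def audit(lines):
    """Each line: '<host> <SL major> <VERSION-RELEASE of vnc>' (assumed format)."""
    return [h for h, rel, vr in (l.split() for l in lines) if needs_update(rel, vr)]

# Constructed sample inventory; the VERSION-RELEASE column is what
# rpm -q --qf '%{VERSION}-%{RELEASE}\n' vnc prints on each host.
SAMPLE = [
    "ws01 5 4.1.2-14.el5",
    "ws02 5 4.1.2-14.el5_3.1",
    "ws03 4 4.0-11",
    "ws04 3 4.0-0.beta4.1.8",
]

if __name__ == "__main__":
    print("hosts still needing the vnc update:", audit(SAMPLE))
```

A host that passes this check still runs the old code until its vncviewer processes are restarted, as the advisory states.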