
Scientific Linux: CVE-2011-1164 Moderate: Vino Remote Access Issues

Moderate: vino security update
Date: Tue, 22 Jan 2013 09:06:47 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Moderate: vino on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: vino security update
Issue Date: 2013-01-21
CVE Numbers: CVE-2011-1164
 CVE-2011-1165
 CVE-2011-0904
 CVE-2011-0905
 CVE-2012-4429
--

It was found that Vino transmitted all clipboard activity on the system
running Vino to all clients connected to port 5900, even those who had not
authenticated. A remote attacker who is able to access port 5900 on a system
running Vino could use this flaw to read clipboard data without
authenticating. (CVE-2012-4429)

Two out-of-bounds memory read flaws were found in the way Vino processed
client framebuffer requests in certain encodings. An authenticated client
could use these flaws to send a specially-crafted request to Vino, causing
it to crash. (CVE-2011-0904, CVE-2011-0905)

In certain circumstances, the vino-preferences dialog box incorrectly
indicated that Vino was only accessible from the local network. This could
confuse a user into believing connections from external networks are not
allowed (even when they are allowed). With this update, vino-preferences no
longer displays connectivity and reachable information. (CVE-2011-1164)

There was no warning that Universal Plug and Play (UPnP) was used to open
ports on a user's network router when the "Configure network automatically
to accept connections" option was enabled (it is disabled by default) in the
Vino preferences. This update changes the option's description to avoid the
risk of a UPnP router configuration change without the user's consent.
(CVE-2011-1165)

The GNOME session must be restarted (log out, then log back in) for this
update to take effect.
--

SL6
 x86_64
 vino-2.28.1-8.el6_3.x86_64.rpm
 vino-debuginfo-2.28.1-8.el6_3.x86_64.rpm
 i386
 vino-2.28.1-8.el6_3.i686.rpm
 vino-debuginfo-2.28.1-8.el6_3.i686.rpm

- Scientific Linux Development Team
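
Added example, not part of the original advisory or Scientific Linux's own tooling: a check that separates hosts still below the fixed vino build from hosts that installed it but are still running a vino-server started before the update, which is the case the restart note above covers. The inventory rows, host names, timestamps and status strings are constructed assumptions, and the version comparison is a simplified form of rpm's ordering.

```python
import re

FIXED = "2.28.1-8.el6_3"  # fixed vino version-release listed in this advisory

def _segments(s):
    # rpm compares runs of digits and runs of letters; other characters only separate
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm ordering (no '~' or '^' handling). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)  # compare numerically, so 10 > 8
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments are newer

def vr_cmp(a, b):
    """Compare two 'version-release' strings (epochs assumed equal)."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def assess(installed_vr, install_time, server_start):
    """Classify one host; server_start is None when vino-server is not running."""
    if vr_cmp(installed_vr, FIXED) < 0:
        return "VULNERABLE: update vino"
    if server_start is not None and server_start < install_time:
        return "STALE SESSION: restart the GNOME session"
    return "OK"

# Constructed sample inventory (not real hosts): name, installed version-release,
# package install time and vino-server start time, both in epoch seconds.
# The version-release and install time are what
#   rpm -q --qf '%{VERSION}-%{RELEASE} %{INSTALLTIME}\n' vino
# prints; how the process start time is collected is left to the reader.
INVENTORY = [
    ("ws01", "2.28.1-7.el6", 1340000000, 1358800000),
    ("ws02", "2.28.1-8.el6_3", 1358870000, 1358800000),
    ("ws03", "2.28.1-8.el6_3", 1358870000, 1358900000),
    ("ws04", "2.28.1-8.el6_3", 1358870000, None),
]

def audit(inventory):
    return {host: assess(vr, inst, start) for host, vr, inst, start in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(host, status)
```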