Oval Definition:oval:com.redhat.rhsa:def:20172258
Revision Date:2017-08-01Version:639
Title:RHSA-2017:2258: gtk-vnc security, bug fix, and enhancement update (Moderate)
Description:The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded.

  • The following packages have been upgraded to a later upstream version: gtk-vnc (0.7.0). (BZ#1416783)

    Security Fix(es):

  • It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5884)

  • An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5885)

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2017-5884
    CVE-2017-5885
    RHSA-2017:2258
    RHSA-2017:2258-01
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • gtk-vnc is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc is signed with Red Hat redhatrelease2 key
  • gtk-vnc-devel is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc-devel is signed with Red Hat redhatrelease2 key
  • gtk-vnc-python is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc-python is signed with Red Hat redhatrelease2 key
  • gtk-vnc2 is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc2 is signed with Red Hat redhatrelease2 key
  • gtk-vnc2-devel is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc2-devel is signed with Red Hat redhatrelease2 key
  • gvnc is earlier than 0:0.7.0-2.el7
  • AND gvnc is signed with Red Hat redhatrelease2 key
  • gvnc-devel is earlier than 0:0.7.0-2.el7
  • AND gvnc-devel is signed with Red Hat redhatrelease2 key
  • gvnc-tools is earlier than 0:0.7.0-2.el7
  • AND gvnc-tools is signed with Red Hat redhatrelease2 key
  • gvncpulse is earlier than 0:0.7.0-2.el7
  • AND gvncpulse is signed with Red Hat redhatrelease2 key
  • gvncpulse-devel is earlier than 0:0.7.0-2.el7
  • AND gvncpulse-devel is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND Package Information
  • gvncpulse is earlier than 0:0.7.0-2.el7
  • AND gvncpulse is signed with Red Hat redhatrelease2 key
  • OR
  • gvncpulse-devel is earlier than 0:0.7.0-2.el7
  • AND gvncpulse-devel is signed with Red Hat redhatrelease2 key
  • OR
  • gtk-vnc2-devel is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc2-devel is signed with Red Hat redhatrelease2 key
  • OR
  • gtk-vnc is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc is signed with Red Hat redhatrelease2 key
  • OR
  • gvnc-devel is earlier than 0:0.7.0-2.el7
  • AND gvnc-devel is signed with Red Hat redhatrelease2 key
  • OR
  • gvnc-tools is earlier than 0:0.7.0-2.el7
  • AND gvnc-tools is signed with Red Hat redhatrelease2 key
  • OR
  • gtk-vnc-devel is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc-devel is signed with Red Hat redhatrelease2 key
  • OR
  • gtk-vnc-python is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc-python is signed with Red Hat redhatrelease2 key
  • OR
  • gvnc is earlier than 0:0.7.0-2.el7
  • AND gvnc is signed with Red Hat redhatrelease2 key
  • OR
  • gtk-vnc2 is earlier than 0:0.7.0-2.el7
  • AND gtk-vnc2 is signed with Red Hat redhatrelease2 key
    • BACK