oss-sec mailing list archives
Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early
From: <cve-assign () mitre org>
Date: Sat, 4 Feb 2017 21:34:03 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
the Xvnc server from tigervnc can crash when a client terminates a TLS connection early. This is due to invalid initialization/deinitialization order of the GnuTLS library. Upstream commit: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
Proper global init/deinit of GnuTLS
https://bugzilla.suse.com/show_bug.cgi?id=1023012
Use CVE-2016-10207. The scope of this CVE does not include https://bugzilla.suse.com/show_bug.cgi?id=1023012#c11 - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYlo4DAAoJEHb/MwWLVhi25I8P/2B7bVNkmS9zQsDaRGvcAiuL U84Xq5w9mhbN5yXoSxYwBXaIYrj6u/taDdjvBawg6qDVPEOGeKL/DpPLWRTF86PH 46UOEVnsSYqov03fTp111E21OTjfoqetvYe8ES/rz1SRvYB4hOHFlDqlKjYafXlm Y97kXu8SaMiL5218a+smIpEM78nyu5b8IalQMh9yZpEdwr549gNQR8TmSBfb7e0C EkIVRHSHTX4j7pjRCg0TmfvCohsaDQ7kiXPFhUN+lqNwpr0porVh4hBH2wgwHult OFBTIQ4DMCmXu9+mJX6RCQWq3/S0FqeRZ0NzFQlaSUZCGC6ouDRIyFizLJr4OnOb cZNaiCWknBQ96ftg2qNVjuulPZuteCdt7J0WOsLNel/8YGM/ovqCZgcu0jL9Vv+g 5GCZSK6sUKCAv6yuBtwkAyccPv98nWvWVvjgBBvd/wZLPOEFfp07uV8k/Wz9NX/2 sghtxXv5k8/zsVuFhk5Ry0RyTKx2YGGraTgdzukRikE1ZqvUr99DjAqkALYhnXYc 9zxqZRkBU7AepN3K2T0sil8niPRUb54AUw3xfpzvbcQtOhx4IoTHNLES9CEliE9m fAuvPL+18/UGZ72e9OwLMU1ET3vfEgeN+nbAhy+kmkM5S3d9FtNl22Gd44F3R/Pt P/sdVfWREufsGbgVNeKA =j2T3 -----END PGP SIGNATURE-----
Current thread:
- CVE request tigervnc: vnc server can crash when TLS handshake terminates early Matthias Gerstner (Feb 02)
- Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early cve-assign (Feb 04)