oss-sec mailing list archives

CVE request tigervnc: vnc server can crash when TLS handshake terminates early

From: Matthias Gerstner <mgerstner () suse de>
Date: Thu, 2 Feb 2017 14:11:56 +0100

Hello,

the Xvnc server from tigervnc can crash when a client terminates a TLS
connection early. This is due to invalid initialization/deinitialization
order of the GnuTLS library.

Upstream commit:

https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649

Reference:

https://bugzilla.suse.com/show_bug.cgi?id=1023012

This issue was reported/found by Ruediger Meier, Michal Srb (SUSE
Linux).

-- 
Matthias Gerstner <matthias.gerstner () suse de>
Dipl.-Wirtsch.-Inf. (FH), Security Engineer
https://www.suse.com/security
Telefon: +49 911 740 53 290

SUSE Linux GmbH 
GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nuernberg)

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request tigervnc: vnc server can crash when TLS handshake terminates early Matthias Gerstner (Feb 02)
- Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early cve-assign (Feb 04)