Synopsis: Moderate: gtk-vnc security, bug fix, and enhancement Advisory ID: SLSA-2017:2258-1 Issue Date: 2017-08-01 CVE Numbers: CVE-2017-5884 CVE-2017-5885 -- The following packages have been upgraded to a later upstream version: gtk-vnc (0.7.0). Security Fix(es): * It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5884) * An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5885) -- SL7 x86_64 gtk-vnc-debuginfo-0.7.0-2.el7.i686.rpm gtk-vnc-debuginfo-0.7.0-2.el7.x86_64.rpm gtk-vnc2-0.7.0-2.el7.i686.rpm gtk-vnc2-0.7.0-2.el7.x86_64.rpm gvnc-0.7.0-2.el7.i686.rpm gvnc-0.7.0-2.el7.x86_64.rpm gtk-vnc-0.7.0-2.el7.i686.rpm gtk-vnc-0.7.0-2.el7.x86_64.rpm gtk-vnc-devel-0.7.0-2.el7.i686.rpm gtk-vnc-devel-0.7.0-2.el7.x86_64.rpm gtk-vnc-python-0.7.0-2.el7.x86_64.rpm gtk-vnc2-devel-0.7.0-2.el7.i686.rpm gtk-vnc2-devel-0.7.0-2.el7.x86_64.rpm gvnc-devel-0.7.0-2.el7.i686.rpm gvnc-devel-0.7.0-2.el7.x86_64.rpm gvnc-tools-0.7.0-2.el7.x86_64.rpm gvncpulse-0.7.0-2.el7.i686.rpm gvncpulse-0.7.0-2.el7.x86_64.rpm gvncpulse-devel-0.7.0-2.el7.i686.rpm gvncpulse-devel-0.7.0-2.el7.x86_64.rpm - Scientific Linux Development Team