Viewer can send password without proper validation of X.509 certs (CVE-2011-1775).
Signed-off-by: Adam Tkac <atkac@redhat.com>
This commit is contained in:
Adam Tkac
parent
6120831ded
commit
c2263a87d8
@ -1,6 +1,6 @@
|
||||
Name: tigervnc
|
||||
Version: 1.0.90
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: A TigerVNC remote display system
|
||||
|
||||
Group: User Interface/Desktops
|
||||
@ -46,6 +46,7 @@ Patch11: tigervnc11-gethomedir.patch
|
||||
Patch12: tigervnc11-glx.patch
|
||||
Patch13: tigervnc11-rh692048.patch
|
||||
Patch14: 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch
|
||||
Patch15: tigervnc11-CVE-2011-1775.patch
|
||||
|
||||
%description
|
||||
Virtual Network Computing (VNC) is a remote display system which
|
||||
@ -144,6 +145,8 @@ patch -p1 -b --suffix .vnc < %{SOURCE7}
|
||||
%patch14 -p1 -b .memcpy
|
||||
popd
|
||||
|
||||
%patch15 -p0 -b .CVE-2011-1775
|
||||
|
||||
# Use newer gettext
|
||||
sed -i 's/AM_GNU_GETTEXT_VERSION.*/AM_GNU_GETTEXT_VERSION([0.18.1])/' \
|
||||
configure.ac
|
||||
@ -304,6 +307,10 @@ fi
|
||||
%doc LICENCE.TXT
|
||||
|
||||
%changelog
|
||||
* Tue May 10 2011 Adam Tkac <atkac redhat com> - 1.0.90-4
|
||||
- viewer can send password without proper validation of X.509 certs
|
||||
(CVE-2011-1775)
|
||||
|
||||
* Wed Apr 13 2011 Adam Tkac <atkac redhat com> - 1.0.90-3
|
||||
- fix wrong usage of memcpy which caused screen artifacts (#652590)
|
||||
- don't point to inaccessible link in sysconfig/vncservers (#644975)
|
||||
|
||||
22
tigervnc11-CVE-2011-1775.patch
Normal file
22
tigervnc11-CVE-2011-1775.patch
Normal file
@ -0,0 +1,22 @@
|
||||
Index: common/rfb/CSecurityTLS.cxx
|
||||
===================================================================
|
||||
--- common/rfb/CSecurityTLS.cxx (revision 4399)
|
||||
+++ common/rfb/CSecurityTLS.cxx (revision 4400)
|
||||
@@ -171,8 +171,15 @@
|
||||
if (!is->checkNoWait(1))
|
||||
return false;
|
||||
|
||||
- if (is->readU8() == 0)
|
||||
- return true;
|
||||
+ if (is->readU8() == 0) {
|
||||
+ rdr::U32 result = is->readU32();
|
||||
+ CharArray reason;
|
||||
+ if (result == secResultFailed || result == secResultTooMany)
|
||||
+ reason.buf = is->readString();
|
||||
+ else
|
||||
+ reason.buf = strDup("Authentication failure (protocol error)");
|
||||
+ throw AuthFailureException(reason.buf);
|
||||
+ }
|
||||
|
||||
if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
|
||||
throw AuthFailureException("gnutls_init failed");
|
||||
Loading…
Reference in New Issue
Block a user