rpms/tigervnc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Viewer can send password without proper validation of X.509 certs (CVE-2011-1775).

Browse Source 
Signed-off-by: Adam Tkac <atkac@redhat.com>
This commit is contained in:
Adam Tkac 2011-05-10 11:54:44 +02:00
parent 6120831ded
commit c2263a87d8
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
tigervnc.spec
View File

@ -1,6 +1,6 @@
Name: tigervnc Name: tigervnc
Version: 1.0.90 Version: 1.0.90
Release: 3%{?dist} Release: 4%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
Group: User Interface/Desktops Group: User Interface/Desktops
@ -46,6 +46,7 @@ Patch11: tigervnc11-gethomedir.patch
Patch12: tigervnc11-glx.patch Patch12: tigervnc11-glx.patch
Patch13: tigervnc11-rh692048.patch Patch13: tigervnc11-rh692048.patch
Patch14: 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch Patch14: 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch
Patch15: tigervnc11-CVE-2011-1775.patch
%description %description
Virtual Network Computing (VNC) is a remote display system which Virtual Network Computing (VNC) is a remote display system which
@ -144,6 +145,8 @@ patch -p1 -b --suffix .vnc < %{SOURCE7}
%patch14 -p1 -b .memcpy %patch14 -p1 -b .memcpy
popd popd
%patch15 -p0 -b .CVE-2011-1775
# Use newer gettext # Use newer gettext
sed -i 's/AM_GNU_GETTEXT_VERSION.*/AM_GNU_GETTEXT_VERSION([0.18.1])/' \ sed -i 's/AM_GNU_GETTEXT_VERSION.*/AM_GNU_GETTEXT_VERSION([0.18.1])/' \
configure.ac configure.ac
@ -304,6 +307,10 @@ fi
%doc LICENCE.TXT %doc LICENCE.TXT
%changelog %changelog
* Tue May 10 2011 Adam Tkac <atkac redhat com> - 1.0.90-4
- viewer can send password without proper validation of X.509 certs
(CVE-2011-1775)
* Wed Apr 13 2011 Adam Tkac <atkac redhat com> - 1.0.90-3 * Wed Apr 13 2011 Adam Tkac <atkac redhat com> - 1.0.90-3
- fix wrong usage of memcpy which caused screen artifacts (#652590) - fix wrong usage of memcpy which caused screen artifacts (#652590)
- don't point to inaccessible link in sysconfig/vncservers (#644975) - don't point to inaccessible link in sysconfig/vncservers (#644975)

22
tigervnc11-CVE-2011-1775.patch Normal file
View File

@ -0,0 +1,22 @@
Index: common/rfb/CSecurityTLS.cxx
===================================================================
--- common/rfb/CSecurityTLS.cxx (revision 4399)
+++ common/rfb/CSecurityTLS.cxx (revision 4400)
@@ -171,8 +171,15 @@
if (!is->checkNoWait(1))
return false;
- if (is->readU8() == 0)
- return true;
+ if (is->readU8() == 0) {
+ rdr::U32 result = is->readU32();
+ CharArray reason;
+ if (result == secResultFailed || result == secResultTooMany)
+ reason.buf = is->readString();
+ else
+ reason.buf = strDup("Authentication failure (protocol error)");
+ throw AuthFailureException(reason.buf);
+ }
if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
throw AuthFailureException("gnutls_init failed");