Daniel Berrange: ANNOUNCE: gtk-vnc 0.7.0 release including 2 security fixes

I’m pleased to announce a new release of GTK-VNC, version 0.7.0. The release focus is on bug fixing and includes fixes for two publicly reported security bugs which allow a malicious server to exploit the client. Similar bugs were recently reported & fixed in other common VNC clients too.

  • CVE-2017-5884 – fix bounds checking for RRE, hextile and copyrect encodings
  • CVE-2017-5885 – fix color map index bounds checking
  • Add API to allow smooth scaling to be disabled
  • Workaround to help SPICE servers quickly drop VNC clients which mistakenly connect, by sending “RFB ” signature bytes early
  • Don’t accept color map entries for true-color pixel formats
  • Add missing vala .deps files for gvnc & gvncpulse
  • Avoid crash if host/port is NULL
  • Add precondition checks to some public APIs
  • Fix link to home page in README file
  • Fix misc memory leaks
  • Clamp cursor hot-pixel to within cursor region

Thanks to all those who reported bugs and provided patches that went into this new release.
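
The two CVE entries above both concern bounds checks on values the server supplies. The following is an added example of that class of check, not code from gtk-vnc or from the announcement; the struct, the function names and the 256-entry colour map size are assumptions, while the 16-bit field widths follow the RFB protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical client-side framebuffer state (illustrative, not gtk-vnc's). */
struct fb { uint16_t width, height; };

#define COLOR_MAP_SIZE 256u   /* assumed size of the client's colour map */

/* True if the w x h rectangle at (x, y) lies wholly inside the framebuffer.
 * Operands are widened to 32 bits so that x + w cannot wrap around. */
static bool rect_in_fb(const struct fb *fb, uint16_t x, uint16_t y,
                       uint16_t w, uint16_t h)
{
    return (uint32_t)x + w <= fb->width && (uint32_t)y + h <= fb->height;
}

/* RRE and hextile: every subrectangle is relative to its parent rectangle
 * or tile (pw x ph) and must stay inside it. */
static bool subrect_in_rect(uint16_t pw, uint16_t ph, uint16_t sx,
                            uint16_t sy, uint16_t sw, uint16_t sh)
{
    return (uint32_t)sx + sw <= pw && (uint32_t)sy + sh <= ph;
}

/* CopyRect: the source area is read and the destination area is written,
 * so both must be inside the framebuffer. */
static bool copyrect_ok(const struct fb *fb, uint16_t src_x, uint16_t src_y,
                        uint16_t dst_x, uint16_t dst_y, uint16_t w, uint16_t h)
{
    return rect_in_fb(fb, src_x, src_y, w, h) &&
           rect_in_fb(fb, dst_x, dst_y, w, h);
}

/* SetColourMapEntries: first-colour and number-of-colours are both 16-bit
 * and server-controlled; the whole range must fit in the map. */
static bool color_map_range_ok(uint16_t first, uint16_t count)
{
    return (uint32_t)first + count <= COLOR_MAP_SIZE;
}

int main(void)
{
    struct fb fb = { 800, 600 };   /* constructed sample values */
    printf("rect at edge:      %d\n", rect_in_fb(&fb, 799, 0, 2, 1));
    printf("hextile subrect:   %d\n", subrect_in_rect(16, 16, 15, 15, 1, 1));
    printf("copyrect bad src:  %d\n", copyrect_ok(&fb, 750, 0, 0, 0, 100, 100));
    printf("colour map range:  %d\n", color_map_range_ok(250, 10));
    return 0;
}
```

A client would run these checks on each message before touching the framebuffer or colour map, and drop the connection when one fails.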


Source From: fedoraplanet.org.