http://bugzilla.suse.com/show_bug.cgi?id=900896
--- Comment #1 from Michal Srb ---
Unfortunately the Red Hat bug right now doesn't say anything apart from it
being similar to CVE-2014-6051. "Integer overflow leading to a heap-based
buffer overflow was found in the way screen sizes were handled. A malicious VNC
server could use this flaw to cause a client to crash or, potentially, execute
arbitrary code on the client."
So we would have to rediscover where the problem is. I had a quick look at the
code and found one apparent problem: In the non-SHM branch, it uses assert() to
check the return values of malloc.
However, after bnc#869307 (CVE-2014-0011) it was clear that the authors of tigervnc
are using assert() in all the wrong places, so we preventively patched tigervnc to
use asserts even in release builds. So we are safe from this particular problem.
Or am I missing any place with additional information about the bug?
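The two issues the comment touches on (a size computed from server-supplied screen dimensions, and malloc results checked only with assert()) as an added example, not TigerVNC code and not part of the original comment. The function names, the 32-bit size arithmetic and the `MAX_FB_BYTES` cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for this example; not a TigerVNC constant. */
#define MAX_FB_BYTES ((size_t)256 * 1024 * 1024)

/* Fragile: 32-bit arithmetic wraps silently for large dimensions. */
static uint32_t fb_size_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Hardened: reject zero, wrapping or oversized products; 0 on success. */
static int fb_size_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    size_t n;
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if ((size_t)w > SIZE_MAX / h)
        return -1;
    n = (size_t)w * h;
    if (n > SIZE_MAX / bpp || n * bpp > MAX_FB_BYTES)
        return -1;
    *out = n * bpp;
    return 0;
}

/* Allocation failure is a runtime condition, so it gets a real check:
 * assert(buf != NULL) is compiled out when NDEBUG is defined. */
static unsigned char *fb_alloc(uint32_t w, uint32_t h, uint32_t bpp, size_t *len)
{
    if (fb_size_checked(w, h, bpp, len) != 0)
        return NULL;
    return calloc(1, *len);   /* NULL on failure; caller must test it */
}

int main(void)
{
    size_t len = 0;
    unsigned char *fb = fb_alloc(1024, 768, 4, &len);
    printf("unchecked 32768x32768x4 = %u bytes\n",
           (unsigned)fb_size_unchecked(32768, 32768, 4));
    printf("checked 1024x768x4: %s (%zu bytes)\n", fb ? "ok" : "rejected", len);
    free(fb);
    return 0;
}
```

With the constructed dimensions 32768 x 32768 at 4 bytes per pixel, the unchecked product is exactly 2^32 and wraps to 0, which is the kind of undersized allocation that precedes a heap overflow.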