https://bugzilla.novell.com/show_bug.cgi?id=331682 Summary: 10.3 final iso : tightvnc dos util not latest version Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: s.handgraaf@xs4all.nl QAContact: qa@suse.de Found By: Customer On the final DVD iso of opensuse 10.3, the dosutils directory contains the application tightvnc. The included version is 1.2.9 of August 2003. However, the latest version of this utillity is 1.3.9 of May 8, 2007. Since the final version of opensuse 10.3 was not released until October 2007, the latest version of tightvnc should have been included. It is known that tightvnc versions prior to 1.3.9 are vulnerable to several security issues. This including possible remote arbitrary code execution. Fortunately, the windows version seems not affected by these issues but not including the latest version when possible could however had severe impact. It might be needed to review why the latest version was not included while it was released months before the final opensuse 10.3 was released, and also to prevent providing older versions if possible for a next releases. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.