Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2017:0630 - Security Advisory
Issued:
2017-03-21
Updated:
2017-03-21

RHSA-2017:0630 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: tigervnc security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervnc packages contain a client which allows users to connect to other desktops running a VNC server.

Security Fix(es):

  • A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)
  • A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

  • BZ - 1323065 - tigervnc cannot build against xorg-x11-server-source
  • BZ - 1378922 - tigervnc-server needs to be rebuilt to re-enable listen-on-tcp behavior in RHEL 6.8
  • BZ - 1390458 - New version of tigervnc-server disconnects Xsession when initiated from xinetd
  • BZ - 1415712 - CVE-2017-5581 tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect
  • BZ - 1418761 - CVE-2016-10207 tigervnc: VNC server can crash when TLS handshake terminates early

CVEs

  • CVE-2016-10207
  • CVE-2017-5581

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/index.html
  • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/index.html
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
x86_64
tigervnc-1.1.0-24.el6.x86_64.rpm SHA-256: bf529e15d33822ee07b4119f9e8b1aabafa0d5f356810a3bd930f40cbc9117a7
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-server-1.1.0-24.el6.x86_64.rpm SHA-256: d8b49775d9ec9beab24f7a01e04723a5b4c7f1f4a64485a9737d6b3993ca5ee6
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.x86_64.rpm SHA-256: 2c8f4f4928eb2da8aac786a23832897f297432d96e20486bc41baa898c8c1940
i386
tigervnc-1.1.0-24.el6.i686.rpm SHA-256: 885c52acd1ea35b1a78cb349c2367ea2db08c992ef894da556b1fa4f1f5883ba
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-server-1.1.0-24.el6.i686.rpm SHA-256: eb7bbd31c9ddfded325a5c0e291e17f396fff69d7835dd46eb2ce0778a0ecabf
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.i686.rpm SHA-256: a1d9d09e40dc1db17a756b592ff4a495a5dcd23427d7be50f6c4c74b284eadac

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
x86_64
tigervnc-1.1.0-24.el6.x86_64.rpm SHA-256: bf529e15d33822ee07b4119f9e8b1aabafa0d5f356810a3bd930f40cbc9117a7
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-server-1.1.0-24.el6.x86_64.rpm SHA-256: d8b49775d9ec9beab24f7a01e04723a5b4c7f1f4a64485a9737d6b3993ca5ee6
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.x86_64.rpm SHA-256: 2c8f4f4928eb2da8aac786a23832897f297432d96e20486bc41baa898c8c1940
i386
tigervnc-1.1.0-24.el6.i686.rpm SHA-256: 885c52acd1ea35b1a78cb349c2367ea2db08c992ef894da556b1fa4f1f5883ba
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-server-1.1.0-24.el6.i686.rpm SHA-256: eb7bbd31c9ddfded325a5c0e291e17f396fff69d7835dd46eb2ce0778a0ecabf
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.i686.rpm SHA-256: a1d9d09e40dc1db17a756b592ff4a495a5dcd23427d7be50f6c4c74b284eadac

Red Hat Enterprise Linux Workstation 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
x86_64
tigervnc-1.1.0-24.el6.x86_64.rpm SHA-256: bf529e15d33822ee07b4119f9e8b1aabafa0d5f356810a3bd930f40cbc9117a7
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-server-1.1.0-24.el6.x86_64.rpm SHA-256: d8b49775d9ec9beab24f7a01e04723a5b4c7f1f4a64485a9737d6b3993ca5ee6
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.x86_64.rpm SHA-256: 2c8f4f4928eb2da8aac786a23832897f297432d96e20486bc41baa898c8c1940
i386
tigervnc-1.1.0-24.el6.i686.rpm SHA-256: 885c52acd1ea35b1a78cb349c2367ea2db08c992ef894da556b1fa4f1f5883ba
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-server-1.1.0-24.el6.i686.rpm SHA-256: eb7bbd31c9ddfded325a5c0e291e17f396fff69d7835dd46eb2ce0778a0ecabf
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.i686.rpm SHA-256: a1d9d09e40dc1db17a756b592ff4a495a5dcd23427d7be50f6c4c74b284eadac

Red Hat Enterprise Linux Desktop 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
x86_64
tigervnc-1.1.0-24.el6.x86_64.rpm SHA-256: bf529e15d33822ee07b4119f9e8b1aabafa0d5f356810a3bd930f40cbc9117a7
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-server-1.1.0-24.el6.x86_64.rpm SHA-256: d8b49775d9ec9beab24f7a01e04723a5b4c7f1f4a64485a9737d6b3993ca5ee6
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.x86_64.rpm SHA-256: 2c8f4f4928eb2da8aac786a23832897f297432d96e20486bc41baa898c8c1940
i386
tigervnc-1.1.0-24.el6.i686.rpm SHA-256: 885c52acd1ea35b1a78cb349c2367ea2db08c992ef894da556b1fa4f1f5883ba
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-debuginfo-1.1.0-24.el6.i686.rpm SHA-256: 867d0d6ff2b094895d5b2dfbbd54f04574719074a201de9f69812bbaf6b8870f
tigervnc-server-1.1.0-24.el6.i686.rpm SHA-256: eb7bbd31c9ddfded325a5c0e291e17f396fff69d7835dd46eb2ce0778a0ecabf
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.i686.rpm SHA-256: a1d9d09e40dc1db17a756b592ff4a495a5dcd23427d7be50f6c4c74b284eadac

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
s390x
tigervnc-1.1.0-24.el6.s390x.rpm SHA-256: 9e597a59590ea0c5ebf71473b972b5252d2482ccb95c82c348a34928dd19ec69
tigervnc-debuginfo-1.1.0-24.el6.s390x.rpm SHA-256: 6c6d2729f84573c981e2ecbbff263905e5cc20407504da06c41ebeca0be24941
tigervnc-server-1.1.0-24.el6.s390x.rpm SHA-256: 5ed84404542becef2dda788059735fab0d85713196853ba1bf32d035fef4611c
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8

Red Hat Enterprise Linux for Power, big endian 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
ppc64
tigervnc-1.1.0-24.el6.ppc64.rpm SHA-256: 57d463f7f424f57863f3393b1de8e7b901fdbeab6abeaef9707a40fd212e6a17
tigervnc-debuginfo-1.1.0-24.el6.ppc64.rpm SHA-256: 221b620683d62e115e7066b7f910a5de5057d051a29baae0dfe200577737f64d
tigervnc-debuginfo-1.1.0-24.el6.ppc64.rpm SHA-256: 221b620683d62e115e7066b7f910a5de5057d051a29baae0dfe200577737f64d
tigervnc-server-1.1.0-24.el6.ppc64.rpm SHA-256: 6b0686566fafe83560bbcab971eb4e4d2054ad658a80bd8cdc19c9877c3da54e
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.ppc64.rpm SHA-256: 400981edaaeb2a6f342e380bc50ec7719bba43d49081dd75f2c4ee0036e796c8

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
x86_64
tigervnc-1.1.0-24.el6.x86_64.rpm SHA-256: bf529e15d33822ee07b4119f9e8b1aabafa0d5f356810a3bd930f40cbc9117a7
tigervnc-debuginfo-1.1.0-24.el6.x86_64.rpm SHA-256: bf7e302a7da903b3f8f62dbb15d1206cfde02f5a9780aae8b9c44c21e4119936
tigervnc-server-1.1.0-24.el6.x86_64.rpm SHA-256: d8b49775d9ec9beab24f7a01e04723a5b4c7f1f4a64485a9737d6b3993ca5ee6
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8
tigervnc-server-module-1.1.0-24.el6.x86_64.rpm SHA-256: 2c8f4f4928eb2da8aac786a23832897f297432d96e20486bc41baa898c8c1940

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
tigervnc-1.1.0-24.el6.src.rpm SHA-256: 0461b82220f4f0bf12b5649e5d7005e45358d11433835d132361ebbece961a10
s390x
tigervnc-1.1.0-24.el6.s390x.rpm SHA-256: 9e597a59590ea0c5ebf71473b972b5252d2482ccb95c82c348a34928dd19ec69
tigervnc-debuginfo-1.1.0-24.el6.s390x.rpm SHA-256: 6c6d2729f84573c981e2ecbbff263905e5cc20407504da06c41ebeca0be24941
tigervnc-server-1.1.0-24.el6.s390x.rpm SHA-256: 5ed84404542becef2dda788059735fab0d85713196853ba1bf32d035fef4611c
tigervnc-server-applet-1.1.0-24.el6.noarch.rpm SHA-256: 81e9f09fe1513088dc52462475edf629a02169e600885540c164b05b330b03f8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter