[El-errata] ELSA-2017-2000 Moderate: Oracle Linux 7 tigervnc and fltk security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 8 13:50:37 PDT 2017
Oracle Linux Security Advisory ELSA-2017-2000
http://linux.oracle.com/errata/ELSA-2017-2000.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-license-1.8.0-1.el7.noarch.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/fltk-1.3.4-1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/tigervnc-1.8.0-1.el7.src.rpm
Description of changes:
fltk
[1.3.4-1]
- Re-base to 1.3.4 (+ sync with Fedora)
tigervnc
[1.8.0-1]
- Update to 1.8.0
Resolves: bz#1388620
[1.7.90-2]
- Make RandR callbacks optional
Resolves: bz#1444948
[1.7.90-1]
- Update to 1.7.90
Resolves: bz#1388620
[1.7.1-3]
- Delete underlying ssecurity in SSecurityVeNCrypt [CCVE-2017-7392]
Resolves: bz#1439127
Prevent double free by crafted fences [CVE-2017-7393]
Resolves: bz#1439134
[1.7.1-2]
- Be more restrictive with shared memory mode bits
Resolves: bz#1152552
Limit max username/password size in SSecurityPlain [CVE-2017-7394]
Resolves: bz#1438737
Fix crash from integer overflow in SMsgReader::readClientCutText
[CVE-2017-7395]
Resolves: bz#1438742
[1.7.1-1]
- Update to 1.7.1
Resolves: bz#1388620
Resolves: bz#1343899
Resolves: bz#1410164
Resolves: bz#1415547
Resolves: bz#1418945
Resolves: bz#1416290
Resolves: bz#1342956
- Fix shared memory leakage
Resolves: bz#1358090
- Added systemd unit file for xvnc
Resolves: bz#1393971
More information about the El-errata
mailing list