[El-errata] ELSA-2017-2000 Moderate: Oracle Linux 7 tigervnc and fltk security, bug fix, and enhancement update

Tue Aug 8 13:50:37 PDT 2017

Oracle Linux Security Advisory ELSA-2017-2000

http://linux.oracle.com/errata/ELSA-2017-2000.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
fltk-1.3.4-1.el7.i686.rpm
fltk-1.3.4-1.el7.x86_64.rpm
fltk-devel-1.3.4-1.el7.i686.rpm
fltk-devel-1.3.4-1.el7.x86_64.rpm
fltk-fluid-1.3.4-1.el7.x86_64.rpm
fltk-static-1.3.4-1.el7.i686.rpm
fltk-static-1.3.4-1.el7.x86_64.rpm
tigervnc-1.8.0-1.el7.x86_64.rpm
tigervnc-icons-1.8.0-1.el7.noarch.rpm
tigervnc-license-1.8.0-1.el7.noarch.rpm
tigervnc-server-1.8.0-1.el7.x86_64.rpm
tigervnc-server-applet-1.8.0-1.el7.noarch.rpm
tigervnc-server-minimal-1.8.0-1.el7.x86_64.rpm
tigervnc-server-module-1.8.0-1.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/fltk-1.3.4-1.el7.src.rpm
http://oss.oracle.com/ol7/SRPMS-updates/tigervnc-1.8.0-1.el7.src.rpm

Description of changes:

fltk
[1.3.4-1]
- Re-base to 1.3.4 (+ sync with Fedora)

tigervnc
[1.8.0-1]
- Update to 1.8.0
   Resolves: bz#1388620

[1.7.90-2]
- Make RandR callbacks optional
   Resolves: bz#1444948

[1.7.90-1]
- Update to 1.7.90
   Resolves: bz#1388620

[1.7.1-3]
- Delete underlying ssecurity in SSecurityVeNCrypt [CCVE-2017-7392]
   Resolves: bz#1439127
   Prevent double free by crafted fences [CVE-2017-7393]
   Resolves: bz#1439134

[1.7.1-2]
- Be more restrictive with shared memory mode bits
   Resolves: bz#1152552
   Limit max username/password size in SSecurityPlain [CVE-2017-7394]
   Resolves: bz#1438737
   Fix crash from integer overflow in SMsgReader::readClientCutText 
[CVE-2017-7395]
   Resolves: bz#1438742

[1.7.1-1]
- Update to 1.7.1
   Resolves: bz#1388620
   Resolves: bz#1343899
   Resolves: bz#1410164
   Resolves: bz#1415547
   Resolves: bz#1418945
   Resolves: bz#1416290
   Resolves: bz#1342956
- Fix shared memory leakage
   Resolves: bz#1358090
- Added systemd unit file for xvnc
   Resolves: bz#1393971