Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <9ad7c260eb4d45c79d58b0160f7c7103@imshyb01.MITRE.ORG>
Date: Sat, 4 Feb 2017 21:34:03 -0500
From: <cve-assign@...re.org>
To: <mgerstner@...e.de>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE request tigervnc: vnc server can crash when TLS handshake terminates early

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> the Xvnc server from tigervnc can crash when a client terminates a TLS
> connection early. This is due to invalid initialization/deinitialization
> order of the GnuTLS library.
> 
> Upstream commit:
> 
> https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649

>> Proper global init/deinit of GnuTLS 

> https://bugzilla.suse.com/show_bug.cgi?id=1023012

Use CVE-2016-10207.

The scope of this CVE does not include
https://bugzilla.suse.com/show_bug.cgi?id=1023012#c11

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYlo4DAAoJEHb/MwWLVhi25I8P/2B7bVNkmS9zQsDaRGvcAiuL
U84Xq5w9mhbN5yXoSxYwBXaIYrj6u/taDdjvBawg6qDVPEOGeKL/DpPLWRTF86PH
46UOEVnsSYqov03fTp111E21OTjfoqetvYe8ES/rz1SRvYB4hOHFlDqlKjYafXlm
Y97kXu8SaMiL5218a+smIpEM78nyu5b8IalQMh9yZpEdwr549gNQR8TmSBfb7e0C
EkIVRHSHTX4j7pjRCg0TmfvCohsaDQ7kiXPFhUN+lqNwpr0porVh4hBH2wgwHult
OFBTIQ4DMCmXu9+mJX6RCQWq3/S0FqeRZ0NzFQlaSUZCGC6ouDRIyFizLJr4OnOb
cZNaiCWknBQ96ftg2qNVjuulPZuteCdt7J0WOsLNel/8YGM/ovqCZgcu0jL9Vv+g
5GCZSK6sUKCAv6yuBtwkAyccPv98nWvWVvjgBBvd/wZLPOEFfp07uV8k/Wz9NX/2
sghtxXv5k8/zsVuFhk5Ry0RyTKx2YGGraTgdzukRikE1ZqvUr99DjAqkALYhnXYc
9zxqZRkBU7AepN3K2T0sil8niPRUb54AUw3xfpzvbcQtOhx4IoTHNLES9CEliE9m
fAuvPL+18/UGZ72e9OwLMU1ET3vfEgeN+nbAhy+kmkM5S3d9FtNl22Gd44F3R/Pt
P/sdVfWREufsGbgVNeKA
=j2T3
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.