Security Advisory Moderate: tigervnc security update

Advisory: RHSA-2011:0871-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-06-15
Last updated on: 2011-06-15
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1775

Details

Updated tigervnc packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Virtual Network Computing (VNC) is a remote display system which allows you
to view a computer's desktop environment not only on the machine where it
is running, but from anywhere on the Internet and from a wide variety of
machine architectures. TigerVNC is a suite of VNC servers and clients.

It was discovered that vncviewer could prompt for and send authentication
credentials to a remote server without first properly validating the
server's X.509 certificate. As vncviewer did not indicate that the
certificate was bad or missing, a man-in-the-middle attacker could use this
flaw to trick a vncviewer client into connecting to a spoofed VNC server,
allowing the attacker to obtain the client's credentials. (CVE-2011-1775)

All tigervnc users should upgrade to these updated packages, which contain
a backported patch to correct this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.src.rpm
File outdated by: RHBA-2014:0125

IA-32:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125

x86_64:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.src.rpm
File outdated by: RHBA-2014:0125

x86_64:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.src.rpm
File outdated by: RHBA-2014:0125

IA-32:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125

PPC:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
File outdated by: RHBA-2014:0125

s390x:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125

x86_64:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.src.rpm
File outdated by: RHBA-2014:0125

IA-32:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm

PPC:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.ppc64.rpm

s390x:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.s390x.rpm
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm

x86_64:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.src.rpm
File outdated by: RHBA-2014:0125

IA-32:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.i686.rpm
File outdated by: RHBA-2014:0125

x86_64:
tigervnc-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-debuginfo-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-applet-1.0.90-0.15.20110314svn4359.el6_1.1.noarch.rpm
File outdated by: RHBA-2014:0125
tigervnc-server-module-1.0.90-0.15.20110314svn4359.el6_1.1.x86_64.rpm
File outdated by: RHBA-2014:0125
 
(The unlinked packages above are only available from the Red Hat Network)
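
An added example, not part of the Red Hat advisory: a small Python check that compares an installed tigervnc version-release against the fixed build listed above, using rpm's segment-wise ordering rather than plain string comparison. The function names and the installed versions in the demo loop are constructed for illustration.

```python
import re

# Fixed build listed in this advisory (RHSA-2011:0871-1) for all el6 architectures.
FIXED_EVR = "1.0.90-0.15.20110314svn4359.el6_1.1"

def rpmvercmp(a, b):
    """Classic rpmvercmp: skip separators, compare digit runs as integers and
    letter runs as strings; a digit run beats a letter run. The '~' and '^'
    modifiers of newer rpm releases are not handled."""
    while True:
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a).group()
        match_b = re.match(pattern, b)
        if match_b is None:          # segment types differ
            return 1 if numeric else -1
        seg_b = match_b.group()
        a, b = a[len(seg_a):], b[len(seg_b):]
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
    if not a and not b:
        return 0
    return 1 if a else -1            # the string with segments left over is newer

def split_evr(evr):  # '[epoch:]version-release' -> (epoch, version, release)
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def compare_evr(a, b):
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_patched(installed_evr):
    """True when the installed tigervnc build is at or above the fixed build."""
    return compare_evr(installed_evr, FIXED_EVR) >= 0

if __name__ == "__main__":
    # Constructed inputs, e.g. from: rpm -q --qf '%{VERSION}-%{RELEASE}\n' tigervnc
    for evr in ("1.0.90-0.15.20110314svn4359.el6", FIXED_EVR, "1.0.100-1.el6"):
        print(evr, "patched" if is_patched(evr) else "VULNERABLE")
```

A build whose release lacks the `_1.1` suffix sorts below the fixed build, and `1.0.100` sorts above `1.0.90` because digit runs compare as integers.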

Bugs fixed (see bugzilla for more information)

702470 - CVE-2011-1775 tigervnc: vncviewer can send password to server without proper validation of the X.509 certificate


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/