Skip to navigation

Security Advisory Moderate: vino security update

Advisory: RHSA-2013:1452-1
Type: Security Advisory
Severity: Moderate
Issued on: 2013-10-22
Last updated on: 2013-10-22
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.4)
Red Hat Enterprise Linux Server EUS (v. 6.4.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2013-5745

Details

Updated vino packages that fix one security issue are now available for Red
Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.

A denial of service flaw was found in the way Vino handled certain
authenticated requests from clients that were in the deferred state. A
remote attacker could use this flaw to make the vino-server process enter
an infinite loop when processing those incoming requests. (CVE-2013-5745)

All vino users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
vino-2.13.5-10.el5_10.src.rpm     MD5: a736702fa694c628ab9b76d9a679f8f6
SHA-256: 422ff09f058420bf5a5c32639505afc637c5a06d0289a21be8ff806a0e3cfba6
 
IA-32:
vino-2.13.5-10.el5_10.i386.rpm     MD5: 4160c74e14771aefdf700d014432cba1
SHA-256: 9e235c437e7a2376c7cfbac736b2da2626e6fe6e65a15ffaf993c61b6f9307d6
vino-debuginfo-2.13.5-10.el5_10.i386.rpm     MD5: 9f8466e4bad678daeef9d4843f787f06
SHA-256: 0fa2e0732c9cd96a71b35f7e193c09ae0df3f1f990f174dab69c386df389d6be
 
IA-64:
vino-2.13.5-10.el5_10.ia64.rpm     MD5: 56f984419d29af3ec5e5f938f8b4b8a7
SHA-256: 8f9c1e6092c6d86e5d850f159d9d91be1f0a214e3933c7a53d039459e4591fb1
vino-debuginfo-2.13.5-10.el5_10.ia64.rpm     MD5: ded359b9a3a8aa864d47c41c9ef9ede2
SHA-256: 33acca59739cef3411b6e13fb85546647226d1997f1e78424dccc184f3080821
 
PPC:
vino-2.13.5-10.el5_10.ppc.rpm     MD5: 5e404dfdbb3f80ae451216b6ce3cbf2a
SHA-256: cb8fb76e70d4c8427ed7061fb3edbdbb3a172891940def37933f52385723ed9b
vino-debuginfo-2.13.5-10.el5_10.ppc.rpm     MD5: f01a67348a6fc9b96e15500e3873af34
SHA-256: aeb736e9b6e3cce103f3cf7b1d8b2cf3e56fec4895682fe86aa813e29384d7a2
 
s390x:
vino-2.13.5-10.el5_10.s390x.rpm     MD5: 22e14a717fb4e9f3e926fd9d7f0d49f5
SHA-256: d3db9ddc26490b458139da2d6093f5ee6f1d213506c67aacf1dba7a828ba6293
vino-debuginfo-2.13.5-10.el5_10.s390x.rpm     MD5: 45a6a7d4c33550cf6ac003b8b6c46b34
SHA-256: cee5a29e6ec7dbb70e9a17409ebff8f61eaf334d033963bf0fb201b9bc85442f
 
x86_64:
vino-2.13.5-10.el5_10.x86_64.rpm     MD5: 5f9e7fe5e9975b9b8eaaa7f1d6a5b5aa
SHA-256: 358b4880690d2c3bf91b933f9abd0800034d68eb69429e932e026019a3d85e89
vino-debuginfo-2.13.5-10.el5_10.x86_64.rpm     MD5: bca88358feff8f3c254c89279cff5ff0
SHA-256: 10ea437aa76eb40d8706d32e1f2cc2394aeae60e3ee4ac5dbf2ee0447de8f993
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
vino-2.13.5-10.el5_10.src.rpm     MD5: a736702fa694c628ab9b76d9a679f8f6
SHA-256: 422ff09f058420bf5a5c32639505afc637c5a06d0289a21be8ff806a0e3cfba6
 
IA-32:
vino-2.13.5-10.el5_10.i386.rpm     MD5: 4160c74e14771aefdf700d014432cba1
SHA-256: 9e235c437e7a2376c7cfbac736b2da2626e6fe6e65a15ffaf993c61b6f9307d6
vino-debuginfo-2.13.5-10.el5_10.i386.rpm     MD5: 9f8466e4bad678daeef9d4843f787f06
SHA-256: 0fa2e0732c9cd96a71b35f7e193c09ae0df3f1f990f174dab69c386df389d6be
 
x86_64:
vino-2.13.5-10.el5_10.x86_64.rpm     MD5: 5f9e7fe5e9975b9b8eaaa7f1d6a5b5aa
SHA-256: 358b4880690d2c3bf91b933f9abd0800034d68eb69429e932e026019a3d85e89
vino-debuginfo-2.13.5-10.el5_10.x86_64.rpm     MD5: bca88358feff8f3c254c89279cff5ff0
SHA-256: 10ea437aa76eb40d8706d32e1f2cc2394aeae60e3ee4ac5dbf2ee0447de8f993
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
vino-2.28.1-9.el6_4.src.rpm     MD5: 1c1bf7919672cc0a29578248b269d786
SHA-256: 692132f68de83699446a12350ded825a284017946151ffda111a14e4c7558920
 
IA-32:
vino-2.28.1-9.el6_4.i686.rpm     MD5: 9ff20779745cde9f8354c7acee47d31a
SHA-256: e3dc47ff20e1f748fe1bc5019980951722bf5eb271e677c3558e24a8283b534d
vino-debuginfo-2.28.1-9.el6_4.i686.rpm     MD5: 48484513e259edf24f467c75e36b0369
SHA-256: 2516254131a05de367ffa80502fe56c8697fc15b222b807e46201e0edd2d5cc7
 
x86_64:
vino-2.28.1-9.el6_4.x86_64.rpm     MD5: d735f3d8c1a7a1c350fb7fb184d93859
SHA-256: 093f79e8600811d7797a4c31e2573aa300b9fe0375ae8b2ea703616c33a8d213
vino-debuginfo-2.28.1-9.el6_4.x86_64.rpm     MD5: df6270589b75a759fdf66ab77778006d
SHA-256: 997a60f47207852ef0d06c1c880c1a5a568f8fbc90e71fbd5112a7eebf61e16d
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
vino-2.28.1-9.el6_4.src.rpm     MD5: 1c1bf7919672cc0a29578248b269d786
SHA-256: 692132f68de83699446a12350ded825a284017946151ffda111a14e4c7558920
 
IA-32:
vino-2.28.1-9.el6_4.i686.rpm     MD5: 9ff20779745cde9f8354c7acee47d31a
SHA-256: e3dc47ff20e1f748fe1bc5019980951722bf5eb271e677c3558e24a8283b534d
vino-debuginfo-2.28.1-9.el6_4.i686.rpm     MD5: 48484513e259edf24f467c75e36b0369
SHA-256: 2516254131a05de367ffa80502fe56c8697fc15b222b807e46201e0edd2d5cc7
 
PPC:
vino-2.28.1-9.el6_4.ppc64.rpm     MD5: 859de6c9f2246dd8e4428293f010d3d3
SHA-256: de432362d4de14704ce939f1d07b57656bd516bb9b1d980221e9fc6f413556d5
vino-debuginfo-2.28.1-9.el6_4.ppc64.rpm     MD5: 147760060f38824c60f55d09949b51c0
SHA-256: afe7a731e103a05e61a197646cda38822d458af33bbfb567901d882d351fb92c
 
s390x:
vino-2.28.1-9.el6_4.s390x.rpm     MD5: 8e39819a6668cabbf067e57f4ce4cf5f
SHA-256: eeebdf99520a058f5771ebec36b62ae5b833b4df2f068f2d68f01de5038cb2b1
vino-debuginfo-2.28.1-9.el6_4.s390x.rpm     MD5: 86a6ea9f253b8dbfac1c122f05f0e1ff
SHA-256: b9e0d5627d9b7023a9d110c3206fb4e57abf0e1e9d30fb9b0eb2492a8ad09184
 
x86_64:
vino-2.28.1-9.el6_4.x86_64.rpm     MD5: d735f3d8c1a7a1c350fb7fb184d93859
SHA-256: 093f79e8600811d7797a4c31e2573aa300b9fe0375ae8b2ea703616c33a8d213
vino-debuginfo-2.28.1-9.el6_4.x86_64.rpm     MD5: df6270589b75a759fdf66ab77778006d
SHA-256: 997a60f47207852ef0d06c1c880c1a5a568f8fbc90e71fbd5112a7eebf61e16d
 
Red Hat Enterprise Linux Server AUS (v. 6.4)

SRPMS:
vino-2.28.1-9.el6_4.src.rpm     MD5: 1c1bf7919672cc0a29578248b269d786
SHA-256: 692132f68de83699446a12350ded825a284017946151ffda111a14e4c7558920
 
x86_64:
vino-2.28.1-9.el6_4.x86_64.rpm     MD5: d735f3d8c1a7a1c350fb7fb184d93859
SHA-256: 093f79e8600811d7797a4c31e2573aa300b9fe0375ae8b2ea703616c33a8d213
vino-debuginfo-2.28.1-9.el6_4.x86_64.rpm     MD5: df6270589b75a759fdf66ab77778006d
SHA-256: 997a60f47207852ef0d06c1c880c1a5a568f8fbc90e71fbd5112a7eebf61e16d
 
Red Hat Enterprise Linux Server EUS (v. 6.4.z)

SRPMS:
vino-2.28.1-9.el6_4.src.rpm     MD5: 1c1bf7919672cc0a29578248b269d786
SHA-256: 692132f68de83699446a12350ded825a284017946151ffda111a14e4c7558920
 
IA-32:
vino-2.28.1-9.el6_4.i686.rpm     MD5: 9ff20779745cde9f8354c7acee47d31a
SHA-256: e3dc47ff20e1f748fe1bc5019980951722bf5eb271e677c3558e24a8283b534d
vino-debuginfo-2.28.1-9.el6_4.i686.rpm     MD5: 48484513e259edf24f467c75e36b0369
SHA-256: 2516254131a05de367ffa80502fe56c8697fc15b222b807e46201e0edd2d5cc7
 
PPC:
vino-2.28.1-9.el6_4.ppc64.rpm     MD5: 859de6c9f2246dd8e4428293f010d3d3
SHA-256: de432362d4de14704ce939f1d07b57656bd516bb9b1d980221e9fc6f413556d5
vino-debuginfo-2.28.1-9.el6_4.ppc64.rpm     MD5: 147760060f38824c60f55d09949b51c0
SHA-256: afe7a731e103a05e61a197646cda38822d458af33bbfb567901d882d351fb92c
 
s390x:
vino-2.28.1-9.el6_4.s390x.rpm     MD5: 8e39819a6668cabbf067e57f4ce4cf5f
SHA-256: eeebdf99520a058f5771ebec36b62ae5b833b4df2f068f2d68f01de5038cb2b1
vino-debuginfo-2.28.1-9.el6_4.s390x.rpm     MD5: 86a6ea9f253b8dbfac1c122f05f0e1ff
SHA-256: b9e0d5627d9b7023a9d110c3206fb4e57abf0e1e9d30fb9b0eb2492a8ad09184
 
x86_64:
vino-2.28.1-9.el6_4.x86_64.rpm     MD5: d735f3d8c1a7a1c350fb7fb184d93859
SHA-256: 093f79e8600811d7797a4c31e2573aa300b9fe0375ae8b2ea703616c33a8d213
vino-debuginfo-2.28.1-9.el6_4.x86_64.rpm     MD5: df6270589b75a759fdf66ab77778006d
SHA-256: 997a60f47207852ef0d06c1c880c1a5a568f8fbc90e71fbd5112a7eebf61e16d
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
vino-2.28.1-9.el6_4.src.rpm     MD5: 1c1bf7919672cc0a29578248b269d786
SHA-256: 692132f68de83699446a12350ded825a284017946151ffda111a14e4c7558920
 
IA-32:
vino-2.28.1-9.el6_4.i686.rpm     MD5: 9ff20779745cde9f8354c7acee47d31a
SHA-256: e3dc47ff20e1f748fe1bc5019980951722bf5eb271e677c3558e24a8283b534d
vino-debuginfo-2.28.1-9.el6_4.i686.rpm     MD5: 48484513e259edf24f467c75e36b0369
SHA-256: 2516254131a05de367ffa80502fe56c8697fc15b222b807e46201e0edd2d5cc7
 
x86_64:
vino-2.28.1-9.el6_4.x86_64.rpm     MD5: d735f3d8c1a7a1c350fb7fb184d93859
SHA-256: 093f79e8600811d7797a4c31e2573aa300b9fe0375ae8b2ea703616c33a8d213
vino-debuginfo-2.28.1-9.el6_4.x86_64.rpm     MD5: df6270589b75a759fdf66ab77778006d
SHA-256: 997a60f47207852ef0d06c1c880c1a5a568f8fbc90e71fbd5112a7eebf61e16d
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

910082 - CVE-2013-5745 vino: denial of service flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/