Technical Description

Fedora has released updated packages to address a vulnerability identified in VNC. This flaw could be exploited by remote unauthenticated attackers to gain unauthorized access to a vulnerable system via a specially crafted request. For additional information, see : VUPEN/ADV-2006-1790

Affected Products

Fedora Core 4
Fedora Core 5

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

094d5ec6b00b7dce77b377486a0ab88f563244fe SRPMS/vnc-4.1.1-10.1.fc4.src.rpm
ddd18e2fc5220616221d9a344855ad702cf1b7ea ppc/vnc-4.1.1-10.1.fc4.ppc.rpm
1e927b9d3d1a0a06ac70772f6c85790384bc485f ppc/vnc-server-4.1.1-10.1.fc4.ppc.rpm
8ae8a0ee4bb2c1d297a8e79f90d3a8a643084cf6 ppc/debug/vnc-debuginfo-4.1.1-10.1.fc4.ppc.rpm
d38672368b6999f4cfd20c8545445200a16bb590 x86_64/vnc-4.1.1-10.1.fc4.x86_64.rpm
39dc5fcc9a8f8143f4ffe3ef59f4960be893085e x86_64/vnc-server-4.1.1-10.1.fc4.x86_64.rpm
ac01ce5d62dd905497e1aeae81e2b4cbe15540d4 x86_64/debug/vnc-debuginfo-4.1.1-10.1.fc4.x86_64.rpm
bfc98b0cfb071ef3be97c8aa0acce60d2aa8043f i386/vnc-4.1.1-10.1.fc4.i386.rpm
fb48ea0ebdc06f976dce1077b0906575eb631e8f i386/vnc-server-4.1.1-10.1.fc4.i386.rpm
9250b17e6377e771bdd6a5c2d811fd9019556677 i386/debug/vnc-debuginfo-4.1.1-10.1.fc4.i386.rpm

References

http://www.vupen.com/english/advisories/2006/1833
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00071.html
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00072.html

ChangeLog

2006-05-16 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.