CentOS Update For Vino CESA-2013:1452 Centos6 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. (CVE-2013-5745) All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

Affected

vino on CentOS 6

References

http://lists.centos.org/pipermail/centos-announce/2013-October/019984.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5745

CVSS	Base Score: 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1201 (java-1.6.0-openjdk)
CentOS Security Advisory CESA-2009:1059 (pidgin)
CentOS Security Advisory CESA-2009:1128 (kdelibs)
CentOS Security Advisory CESA-2009:0358 (evolution)
CentOS Security Advisory CESA-2009:1218 (pidgin)

CentOS Update for vino CESA-2013:1452 centos6

Take action and discover your vulnerabilities