Please Install the Updated Packages.

Virtual Network Computing (VNC) is a remote display system which allows you to view a computer's &quot desktop&quot environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the &quot listen&quot mode, the attacker could cause the victim's vncviewer to crash or, possibly, execute arbitrary code. (CVE-2008-4770) Users of vncviewer should upgrade to these updated packages, which contain a backported patch to resolve this issue. For the update to take effect, all running instances of vncviewer must be restarted after the update is installed.

vnc on CentOS 3

• http://lists.centos.org/pipermail/centos-announce/2009-February/015629.html

---

Updated on 2015-03-25