CentOS Update For Vino CESA-2013:1452 Centos5 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Vino is a Virtual Network Computing (VNC) server for GNOME. It allows remote users to connect to a running GNOME session using VNC. A denial of service flaw was found in the way Vino handled certain authenticated requests from clients that were in the deferred state. A remote attacker could use this flaw to make the vino-server process enter an infinite loop when processing those incoming requests. (CVE-2013-5745) All vino users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The GNOME session must be restarted (log out, then log back in) for this update to take effect.

Affected

vino on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2013-October/019982.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5745
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0269 (gstreamer-plugins)
CentOS Security Advisory CESA-2009:1321 (nfs-utils)
CentOS Security Advisory CESA-2009:0270 (gstreamer-plugins)
CentOS Security Advisory CESA-2009:0408 (krb5)
CentOS Security Advisory CESA-2009:1233 (kernel)

CentOS Update for vino CESA-2013:1452 centos5

Take action and discover your vulnerabilities