A vulnerability was found in tigerVNC. The Xvnc server from tigervnc can crash when a client terminates a TLS connection early. This is due to invalid initialization/deinitialization order of the GnuTLS library. References: http://seclists.org/oss-sec/2017/q1/297 Upstream patch: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
Created tigervnc tracking bugs for this issue: Affects: fedora-all [bug 1415719]
CVE assignment: http://seclists.org/oss-sec/2017/q1/312
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2017:0630 https://rhn.redhat.com/errata/RHSA-2017-0630.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2000 https://access.redhat.com/errata/RHSA-2017:2000