In TigerVNC (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. Upstream patches: https://github.com/TigerVNC/tigervnc/pull/440/commits/62197c89e98be47a174074e4c7429c57767a4929 https://github.com/TigerVNC/tigervnc/pull/440/commits/9801c5efcf8c1774d9c807ebd5d27ac7049ad993
Created tigervnc tracking bugs for this issue: Affects: fedora-all [bug 1438704]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2000 https://access.redhat.com/errata/RHSA-2017:2000