tigervnc: patch CVE-2026-34352

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Ankur Tyagi
2026-04-06 00:49:12 +12:00
committed by Anuj Mittal
parent 1ccaa949ea
commit dba7c549bd
2 changed files with 32 additions and 0 deletions
@@ -0,0 +1,31 @@
From da8952d2c1ebc3bb89c01c2d0d055017348685c0 Mon Sep 17 00:00:00 2001
From: Pierre Ossman <ossman@cendio.se>
Date: Tue, 24 Mar 2026 09:52:01 +0100
Subject: [PATCH] Prevent other users reading x0vncserver screen
Prevent other users from observing the screen, or modifying what is sent
to the client. Malicious attackers can even crash x0vncserver if they
time the modifications right.
(cherry picked from commit 0b5cab169d847789efa54459a87659d3fd484393)
CVE: CVE-2026-34352
Upstream-Status: Backport [https://github.com/TigerVNC/tigervnc/commit/0b5cab169d847789efa54459a87659d3fd484393]
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
unix/x0vncserver/Image.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/unix/x0vncserver/Image.cxx b/unix/x0vncserver/Image.cxx
index bd48c88d..abc421d7 100644
--- a/unix/x0vncserver/Image.cxx
+++ b/unix/x0vncserver/Image.cxx
@@ -268,7 +268,7 @@ void ShmImage::Init(int width, int height, const XVisualInfo *vinfo)
shminfo->shmid = shmget(IPC_PRIVATE,
xim->bytes_per_line * xim->height,
- IPC_CREAT|0777);
+ IPC_CREAT|0600);
if (shminfo->shmid == -1) {
perror("shmget");
vlog.error("shmget() failed (%d bytes requested)",
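Review bot: At the shmget() call in ShmImage::Init the mode goes from IPC_CREAT|0777 to IPC_CREAT|0600, which restricts the segment to the owning uid, so please state in the commit message that x0vncserver was run-tested on a target image with this backport applied. If the X server attaches to this segment under a different uid than x0vncserver, that attach will now be refused and the shared-memory path stops working. The patch also touches only this one call in Image.cxx; a grep for other shmget() or IPC_CREAT uses under unix/x0vncserver would confirm that no other segment is still created with a permissive mode.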
@@ -22,6 +22,7 @@ SRC_URI = "git://github.com/TigerVNC/tigervnc.git;branch=1.15-branch;protocol=ht
file://0001-do-not-build-tests-sub-directory.patch \
file://0002-add-missing-dynamic-library-to-FLTK_LIBRARIES.patch \
file://0003-tigervnc-add-fPIC-option-to-COMPILE_FLAGS.patch \
file://CVE-2026-34352.patch \
"
# Keep sync with xorg-server in oe-core
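Review bot: The new SRC_URI entry file://CVE-2026-34352.patch carries the fix as a local backport while the recipe tracks branch=1.15-branch, and the patch header shows it is already a cherry-pick (da8952d2, cherry picked from 0b5cab16). If da8952d2 is on 1.15-branch, bumping SRCREV would pick up the fix without a local patch to maintain; if a bump is not acceptable for this release branch, a sentence in the commit message saying so would help. In that case it would also be clearer for Upstream-Status to reference the commit the patch was actually taken from, since the URL points at 0b5cab16 while the From line is da8952d2.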