Skip to content

TigerVNC 1.4.1
Compare
Choose a tag to compare
@bphinz bphinz released this 26 Dec 22:20
· 2196 commits to master since this release
v1.4.1
ca220b5

TigerVNC 1.4.1 is now available. This is release is in response to the recent Xorg Security Advisory. There are no known vulnerabilities in TigerVNC itself related to this advisory, however some of the changes to the Xorg codebase were not compatible with TigerVNC.

Additionally, the binary packages supplied by the TigerVNC team were built against vulnerable versions of Xorg. The EL6 and Ubuntu Precise & Trusty packages rely on their respective distribution to mitigate the Xorg CVEs. All of these packages have been rebuilt against the latest upstream Xorg source packages but are otherwise essentially unchanged from the 1.4.0 release. The generic and EL5 binaries were previously built against an older version Xorg to which the CVE patches could not be readily applied. As a result, the following changes were made to the generic and EL5 binaries:

  • Version bump of underlying codebase to Xorg X11R7.7 (patched to mitigate all known CVEs).
  • Previous versions linked against the system libGL. This led to issues when the system libGL was compiled differently or linked against incompatible libraries. Additionally, the swrast_dri.so library was installed to a location that could conflict with a system or vendor provided library of the same name. Beginning with the 1.4.1 release, the TigerVNC generic and EL5 binaries provide their own copy of libGL (installed under /usr/%{_libdir}/tigervnc/) in order to provide independence from the system libGL.

Binaries are available from SourceForge:

https://sourceforge.net/projects/tigervnc/files/stable/1.4.1/

Regards
The TigerVNC Developers

Assets 2
Loading