Looks like it was RH only. SuSE have a similar advisory, but instead detail it to be a buffer overrun with the possibility that it might be publically available. With a mention of the weak encryption generated by a VNC cookie that is well known.
Hardly an internet stopper, but something to keep an eye on.
Thanks,
Ben