Описание
Security update for vino
This update for vino fixes the following issues:
- CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
vino-3.20.2-7.3.21
vino-lang-3.20.2-7.3.21
SUSE Linux Enterprise Server 12 SP5
vino-3.20.2-7.3.21
vino-lang-3.20.2-7.3.21
SUSE Linux Enterprise Server for SAP Applications 12 SP4
vino-3.20.2-7.3.21
vino-lang-3.20.2-7.3.21
SUSE Linux Enterprise Server for SAP Applications 12 SP5
vino-3.20.2-7.3.21
vino-lang-3.20.2-7.3.21
Ссылки
- Link for SUSE-SU-2020:0955-1
- E-Mail link for SUSE-SU-2020:0955-1
- SUSE Security Ratings
- SUSE Bug 1155419
- SUSE CVE CVE-2019-15681 page
Описание
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:vino-3.20.2-7.3.21
SUSE Linux Enterprise Server 12 SP4:vino-lang-3.20.2-7.3.21
SUSE Linux Enterprise Server 12 SP5:vino-3.20.2-7.3.21
SUSE Linux Enterprise Server 12 SP5:vino-lang-3.20.2-7.3.21
Ссылки
- CVE-2019-15681
- SUSE Bug 1155419