Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).
- CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).
- CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).
Список пакетов
SUSE Linux Enterprise Workstation Extension 15 SP1
Ссылки
- Link for SUSE-SU-2020:1164-1
- E-Mail link for SUSE-SU-2020:1164-1
- SUSE Security Ratings
- SUSE Bug 1155419
- SUSE Bug 1160471
- SUSE Bug 1170441
- SUSE CVE CVE-2019-15681 page
- SUSE CVE CVE-2019-15690 page
- SUSE CVE CVE-2019-20788 page
Описание
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Затронутые продукты
Ссылки
- CVE-2019-15681
- SUSE Bug 1155419
Описание
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
Затронутые продукты
Ссылки
- CVE-2019-15690
- SUSE Bug 1160471
- SUSE Bug 1170441
Описание
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Затронутые продукты
Ссылки
- CVE-2019-20788
- SUSE Bug 1170441
- SUSE Bug 1173698