Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471).
- CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).
- CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441).
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2020:1165-1
- E-Mail link for SUSE-SU-2020:1165-1
- SUSE Security Ratings
- SUSE Bug 1155419
- SUSE Bug 1160471
- SUSE Bug 1170441
- SUSE CVE CVE-2019-15681 page
- SUSE CVE CVE-2019-15690 page
- SUSE CVE CVE-2019-20788 page
Описание
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Затронутые продукты
Ссылки
- CVE-2019-15681
- SUSE Bug 1155419
Описание
LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.
Затронутые продукты
Ссылки
- CVE-2019-15690
- SUSE Bug 1160471
- SUSE Bug 1170441
Описание
libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
Затронутые продукты
Ссылки
- CVE-2019-20788
- SUSE Bug 1170441
- SUSE Bug 1173698