Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- security update
- added patches
fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
- LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
- LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
- LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
- LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
- LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
- LibVNCServer-CVE-2020-14402,14403,14404.patch
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2020:14424-1
- E-Mail link for SUSE-SU-2020:14424-1
- SUSE Security Ratings
- SUSE Bug 1173691
- SUSE Bug 1173694
- SUSE Bug 1173700
- SUSE Bug 1173701
- SUSE Bug 1173743
- SUSE Bug 1173880
- SUSE CVE CVE-2020-14397 page
- SUSE CVE CVE-2020-14398 page
- SUSE CVE CVE-2020-14399 page
- SUSE CVE CVE-2020-14400 page
- SUSE CVE CVE-2020-14401 page
- SUSE CVE CVE-2020-14402 page
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2020-14397
- SUSE Bug 1173477
- SUSE Bug 1173700
Описание
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
Затронутые продукты
Ссылки
- CVE-2020-14398
- SUSE Bug 1173477
- SUSE Bug 1173880
Описание
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
Затронутые продукты
Ссылки
- CVE-2020-14399
- SUSE Bug 1173477
- SUSE Bug 1173743
Описание
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.
Затронутые продукты
Ссылки
- CVE-2020-14400
- SUSE Bug 1173477
- SUSE Bug 1173691
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Затронутые продукты
Ссылки
- CVE-2020-14401
- SUSE Bug 1173477
- SUSE Bug 1173694
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Затронутые продукты
Ссылки
- CVE-2020-14402
- SUSE Bug 1173477
- SUSE Bug 1173701