SUSE-SU-2020:2009-1

Опубликовано: 22 июл. 2020

Источник: suse-cvrf

Описание

Security update for vino

This update for vino fixes the following issues:

CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

vino-3.22.0-3.6.76

vino-lang-3.22.0-3.6.76

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202009-1/
Link for SUSE-SU-2020:2009-1
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007169.html
E-Mail link for SUSE-SU-2020:2009-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1155419
SUSE Bug 1155419
https://www.suse.com/security/cve/CVE-2019-15681/
SUSE CVE CVE-2019-15681 page

Описание

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-3.22.0-3.6.76

SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-lang-3.22.0-3.6.76

Ссылки

https://www.suse.com/security/cve/CVE-2019-15681.html
CVE-2019-15681
https://bugzilla.suse.com/1155419
SUSE Bug 1155419

SUSE-SU-2020:2009-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

Ссылки

Уязвимость: CVE-2019-15681

Описание

Затронутые продукты

Ссылки