Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2020:2167-1
- E-Mail link for SUSE-SU-2020:2167-1
- SUSE Security Ratings
- SUSE Bug 1173477
- SUSE Bug 1173691
- SUSE Bug 1173694
- SUSE Bug 1173700
- SUSE Bug 1173701
- SUSE Bug 1173743
- SUSE Bug 1173874
- SUSE Bug 1173875
- SUSE Bug 1173876
- SUSE Bug 1173880
- SUSE CVE CVE-2017-18922 page
- SUSE CVE CVE-2018-21247 page
- SUSE CVE CVE-2019-20839 page
- SUSE CVE CVE-2019-20840 page
- SUSE CVE CVE-2020-14397 page
- SUSE CVE CVE-2020-14398 page
- SUSE CVE CVE-2020-14399 page
Описание
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-18922
- SUSE Bug 1173477
Описание
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
Затронутые продукты
Ссылки
- CVE-2018-21247
- SUSE Bug 1173477
- SUSE Bug 1173874
Описание
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.
Затронутые продукты
Ссылки
- CVE-2019-20839
- SUSE Bug 1173477
- SUSE Bug 1173875
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.
Затронутые продукты
Ссылки
- CVE-2019-20840
- SUSE Bug 1173477
- SUSE Bug 1173876
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.
Затронутые продукты
Ссылки
- CVE-2020-14397
- SUSE Bug 1173477
- SUSE Bug 1173700
Описание
An issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.
Затронутые продукты
Ссылки
- CVE-2020-14398
- SUSE Bug 1173477
- SUSE Bug 1173880
Описание
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed."
Затронутые продукты
Ссылки
- CVE-2020-14399
- SUSE Bug 1173477
- SUSE Bug 1173743
Описание
** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary.
Затронутые продукты
Ссылки
- CVE-2020-14400
- SUSE Bug 1173477
- SUSE Bug 1173691
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.
Затронутые продукты
Ссылки
- CVE-2020-14401
- SUSE Bug 1173477
- SUSE Bug 1173694
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.
Затронутые продукты
Ссылки
- CVE-2020-14402
- SUSE Bug 1173477
- SUSE Bug 1173701
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.
Затронутые продукты
Ссылки
- CVE-2020-14403
- SUSE Bug 1173701
Описание
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.
Затронутые продукты
Ссылки
- CVE-2020-14404
- SUSE Bug 1173701