Описание
Security update for LibVNCServer
This update for LibVNCServer fixes the following issues:
- CVE-2020-25708 [bsc#1178682], libvncserver/rfbserver.c has a divide by zero which could result in DoS
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP1
libvncserver0-0.9.10-4.25.1
SUSE Linux Enterprise Module for Package Hub 15 SP2
libvncserver0-0.9.10-4.25.1
SUSE Linux Enterprise Workstation Extension 15 SP1
libvncclient0-0.9.10-4.25.1
SUSE Linux Enterprise Workstation Extension 15 SP2
libvncclient0-0.9.10-4.25.1
libvncserver0-0.9.10-4.25.1
Ссылки
- Link for SUSE-SU-2020:3515-1
- E-Mail link for SUSE-SU-2020:3515-1
- SUSE Security Ratings
- SUSE Bug 1178682
- SUSE CVE CVE-2020-25708 page
Описание
A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP1:libvncserver0-0.9.10-4.25.1
SUSE Linux Enterprise Module for Package Hub 15 SP2:libvncserver0-0.9.10-4.25.1
SUSE Linux Enterprise Workstation Extension 15 SP1:libvncclient0-0.9.10-4.25.1
SUSE Linux Enterprise Workstation Extension 15 SP2:libvncclient0-0.9.10-4.25.1
Ссылки
- CVE-2020-25708
- SUSE Bug 1178682