Description
Security update for gtk-vnc
This update for gtk-vnc fixes the following issues:
- CVE-2017-5885: Correctly validate color map range indexes (bsc#1024268).
- CVE-2017-5884: Fix bounds checking for RRE, hextile & copyrect encodings (bsc#1024266).
- Fix crash when opening connection from a GSocketAddress (bsc#1046782).
- Fix possible crash on connection failure (bsc#1188292).
Package list
HPE Helion OpenStack 8
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server 12 SP2-BCL
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server 12 SP3-BCL
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server 12 SP5
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5
gtk-vnc-devel-0.6.0-11.3.1
gtk-vnc2-devel-0.6.0-11.3.1
libgvncpulse-1_0-0-0.6.0-11.3.1
typelib-1_0-GVncPulse-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-1_0-0.6.0-11.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
gtk-vnc-lang-0.6.0-11.3.1
SUSE OpenStack Cloud 8
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE OpenStack Cloud 9
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE OpenStack Cloud Crowbar 8
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
SUSE OpenStack Cloud Crowbar 9
libgtk-vnc-1_0-0-0.6.0-11.3.1
libgtk-vnc-2_0-0-0.6.0-11.3.1
libgvnc-1_0-0-0.6.0-11.3.1
python-gtk-vnc-0.6.0-11.3.1
typelib-1_0-GVnc-1_0-0.6.0-11.3.1
typelib-1_0-GtkVnc-2_0-0.6.0-11.3.1
References
- Link for SUSE-SU-2021:3125-1
- E-Mail link for SUSE-SU-2021:3125-1
- SUSE Security Ratings
- SUSE Bug 1024266
- SUSE Bug 1024268
- SUSE Bug 1046782
- SUSE Bug 1188292
- SUSE CVE CVE-2017-5884 page
- SUSE CVE CVE-2017-5885 page
Description
gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.
Affected products
HPE Helion OpenStack 8:libgtk-vnc-1_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:libgtk-vnc-2_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:libgvnc-1_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:python-gtk-vnc-0.6.0-11.3.1
References
- CVE-2017-5884
- SUSE Bug 1024266
Description
Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.
Affected products
HPE Helion OpenStack 8:libgtk-vnc-1_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:libgtk-vnc-2_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:libgvnc-1_0-0-0.6.0-11.3.1
HPE Helion OpenStack 8:python-gtk-vnc-0.6.0-11.3.1
References
- CVE-2017-5885
- SUSE Bug 1024268