openSUSE-SU-2020:1071-1

Опубликовано: 26 июл. 2020

Источник: suse-cvrf

Описание

Security update for vino

This update for vino fixes the following issues:

CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

vino-3.22.0-lp151.4.3.1

vino-lang-3.22.0-lp151.4.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WKLAETLUS52X5UOKRNDBTXHHCHX2WSD5/
E-Mail link for openSUSE-SU-2020:1071-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1155419
SUSE Bug 1155419
https://www.suse.com/security/cve/CVE-2019-15681/
SUSE CVE CVE-2019-15681 page

Описание

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

Затронутые продукты

openSUSE Leap 15.1:vino-3.22.0-lp151.4.3.1

openSUSE Leap 15.1:vino-lang-3.22.0-lp151.4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-15681.html
CVE-2019-15681
https://bugzilla.suse.com/1155419
SUSE Bug 1155419

openSUSE-SU-2020:1071-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-15681

Описание

Затронутые продукты

Ссылки