Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

openSUSE 42.3: 2019:0045-1 Important LibVNCServer Critical Threats

opensuse
Calendar Grey January 12, 2019
Dist Opensuse Esm H88
Essential openSUSE Security Patch for LibVNCServer resolves 9 major vulnerabilities to enhance system security.
An update that fixes 9 vulnerabilities is now available.

Description

This update for LibVNCServer fixes the following issues:

Security issues fixed:

- CVE-2018-15126: Fixed use-after-free in file transfer extension

(bsc#1120114)

- CVE-2018-6307: Fixed use-after-free in file transfer extension server

code (bsc#1120115)

- CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC

client code (bsc#1120116)

- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c

(bsc#1120117)

- CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client

code (bsc#1120118)

- CVE-2018-20023: Fixed information disclosure through improper

initialization in VNC Repeater client code (bsc#1120119)

- CVE-2018-20022: Fixed information disclosure through improper

initialization in VNC client code (bsc#1120120)

- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code

(bsc#1120121)

- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

This update was...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory critical important software fix multiple threats openSUSE LibVNCServer

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-45=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

LibVNCServer-debugsource-0.9.9-16.6.1

LibVNCServer-devel-0.9.9-16.6.1

libvncclient0-0.9.9-16.6.1

libvncclient0-debuginfo-0.9.9-16.6.1

libvncserver0-0.9.9-16.6.1

libvncserver0-debuginfo-0.9.9-16.6.1

linuxvnc-0.9.9-16.6.1

linuxvnc-debuginfo-0.9.9-16.6.1

References

https://www.suse.com/security/cve/CVE-2018-15126.html

https://www.suse.com/security/cve/CVE-2018-15127.html

https://www.suse.com/security/cve/CVE-2018-20019.html

https://www.suse.com/security/cve/CVE-2018-20020.html

https://www.suse.com/security/cve/CVE-2018-20021.html

https://www.suse.com/security/cve/CVE-2018-20022.html

https://www.suse.com/security/cve/CVE-2018-20023.html

https://www.suse.com/security/cve/CVE-2018-20024.html

https://www.suse.com/security/cve/CVE-2018-6307.html

https://bugzilla.suse.com/1120114

https://bugzilla.suse.com/1120115

https://bugzilla.suse.com/1120116

https://bugzilla.suse.com/1120117

https://bugzilla.suse.com/1120118

https://bugzilla.suse.com/1120119

https://bugzilla.suse.com/1120120

https://bugzilla.suse.com/1120121

https://bugzilla.suse.com/1120122

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:0045-1
Rating: important
Affected Products: openSUSE Leap 42.3

Topics%20covered

Topics Covered

security advisory critical important software fix multiple threats openSUSE LibVNCServer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here