
openSUSE Leap 15.2: 2020:1056-1 Important: LibVNCServer Buffer Overflow

July 24, 2020

openSUSE Security Update: Security update for LibVNCServer
An update that fixes 10 vulnerabilities is now available.

Description

This update for LibVNCServer fixes the following issues:

- security update

- added patches

  fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak

  + LibVNCServer-CVE-2018-21247.patch

  fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock()

  + LibVNCServer-CVE-2019-20839.patch

  fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service

  + LibVNCServer-CVE-2019-20840.patch

  fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c

  + LibVNCServer-CVE-2020-14398.patch

  fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c

  + LibVNCServer-CVE-2020-14397.patch

  fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.

+...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1056=1

Package List

- openSUSE Leap 15.2 (i586 x86_64):

LibVNCServer-debugsource-0.9.10-lp152.9.4.2

LibVNCServer-devel-0.9.10-lp152.9.4.2

libvncclient0-0.9.10-lp152.9.4.2

libvncclient0-debuginfo-0.9.10-lp152.9.4.2

libvncserver0-0.9.10-lp152.9.4.2

libvncserver0-debuginfo-0.9.10-lp152.9.4.2

References

https://www.suse.com/security/cve/CVE-2017-18922.html

https://www.suse.com/security/cve/CVE-2018-21247.html

https://www.suse.com/security/cve/CVE-2019-20839.html

https://www.suse.com/security/cve/CVE-2019-20840.html

https://www.suse.com/security/cve/CVE-2020-14397.html

https://www.suse.com/security/cve/CVE-2020-14398.html

https://www.suse.com/security/cve/CVE-2020-14399.html

https://www.suse.com/security/cve/CVE-2020-14400.html

https://www.suse.com/security/cve/CVE-2020-14401.html

https://www.suse.com/security/cve/CVE-2020-14402.html

https://bugzilla.suse.com/1173477

https://bugzilla.suse.com/1173691

https://bugzilla.suse.com/1173694

https://bugzilla.suse.com/1173700

https://bugzilla.suse.com/1173701

https://bugzilla.suse.com/1173743

https://bugzilla.suse.com/1173874

https://bugzilla.suse.com/1173875

https://bugzilla.suse.com/1173876

https://bugzilla.suse.com/1173880

--


Announcement ID: openSUSE-SU-2020:1056-1
Rating: important
Affected Products: openSUSE Leap 15.2
