Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2020:0112-1 Important: tigervnc Various Buffer Overflows

suse
Calendar Grey January 16, 2020
Dist Suse Esm H88
OpenSUSE Security Patch for tigervnc fixes several serious vulnerabilities. Detailed guidance for implementation available for all users.
An update that fixes 5 vulnerabilities is now available

Summary

This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory buffer overflow important SUSE Linux tigervnc use-after-return

References

#1159856 #1159858 #1159860 #1160250 #1160251

Cross- CVE-2019-15691 CVE-2019-15692 CVE-2019-15693

CVE-2019-15694 CVE-2019-15695

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Desktop Applications 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2019-15691.html

https://www.suse.com/security/cve/CVE-2019-15692.html

https://www.suse.com/security/cve/CVE-2019-15693.html

https://www.suse.com/security/cve/CVE-2019-15694.html

https://www.suse.com/security/cve/CVE-2019-15695.html

https://bugzilla.suse.com/1159856

https://bugzilla.suse.com/1159858

https://bugzilla.suse.com/1159860

https://bugzilla.suse.com/1160250

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0112-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important SUSE Linux tigervnc use-after-return

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here