Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2020:0113-1 Important: Tigervnc Buffer Overflow Fixes

suse
Calendar Grey January 16, 2020
Dist Suse Esm H88
SUSE Security Advisory: Addresses various vulnerabilities in tigervnc with high severity and detailed guidance for implementation.
An update that fixes 5 vulnerabilities is now available

Summary

This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory buffer overflow important SUSE Linux tigervnc

References

#1159856 #1159858 #1159860 #1160250 #1160251

Cross- CVE-2019-15691 CVE-2019-15692 CVE-2019-15693

CVE-2019-15694 CVE-2019-15695

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP1

https://www.suse.com/security/cve/CVE-2019-15691.html

https://www.suse.com/security/cve/CVE-2019-15692.html

https://www.suse.com/security/cve/CVE-2019-15693.html

https://www.suse.com/security/cve/CVE-2019-15694.html

https://www.suse.com/security/cve/CVE-2019-15695.html

https://bugzilla.suse.com/1159856

https://bugzilla.suse.com/1159858

https://bugzilla.suse.com/1159860

https://bugzilla.suse.com/1160250

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0113-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important SUSE Linux tigervnc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here