Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2020:0159-1 Important: tigervnc Buffer Overflow Issues Fixed

suse
Calendar Grey January 22, 2020
Dist Suse Esm H88
SUSE Issues Security Announcement for tigervnc Addressing Severe Buffer Overflow Vulnerabilities with Urgent Update Alert.
An update that solves 5 vulnerabilities and has one errata is now available

Summary

This update for tigervnc fixes the following issues: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Topics%20covered

Topics Covered

security advisory buffer overflow important tigervnc SUSE Linux Enterprise stack memory SUSE OpenStack

References

#1159856 #1159858 #1159860 #1160250 #1160251

#1160937

Cross- CVE-2019-15691 CVE-2019-15692 CVE-2019-15693

CVE-2019-15694 CVE-2019-15695

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-15691.html

https://www.suse.com/security/cve/CVE-2019-15692.html

https://www.suse.com/security/cve/CVE-2019-15693.html

https://www.suse.com/security/cve/CVE-...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0159-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow important tigervnc SUSE Linux Enterprise stack memory SUSE OpenStack

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here