Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2020:0266-1 Important: Tigervnc Buffer Overflow Fixes

suse
Calendar Grey January 30, 2020
Dist Suse Esm H88
Crucial security enhancement for Tigervnc within SUSE tackles key vulnerabilities and includes comprehensive guidance for applying patches.
An update that solves 5 vulnerabilities and has three fixes is now available

Summary

This update for tigervnc provides the following fixes: Security issues fixed: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Non-security issue fixed: - Make sure CN in generated certificate doesn't exceed 64 characters. (bnc#1041847)

Topics%20covered

Topics Covered

security advisory buffer overflow patch important SUSE tigervnc use-after-return

References

#1041847 #1053373 #1159856 #1159858 #1159860

#1160250 #1160251 #1160937

Cross- CVE-2019-15691 CVE-2019-15692 CVE-2019-15693

CVE-2019-15694 CVE-2019-15695

Affected Products:

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP1-LTSS

https://www.suse.com/security/cve/CVE-2019-15691.html

https://www.suse.com/security/cve/CVE-2019-15692.html

https://www.suse.com/security/cve/CVE-2019-15693.html

https://www.suse.com/security/cve/CVE-2019-15694.html

https://www.suse.com/security/cve/CVE-2019-15695.html

https://bugzilla.suse.com/1041847

https://bugzilla.suse.com/1053373

https://bugzilla.suse.com/1159856

https://bugzilla.suse.com/1159858

https://bugzilla.suse.com/1159860

https://bugzilla.suse.com/1160250

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0266-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow patch important SUSE tigervnc use-after-return

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here