Security update for LibVNCServer SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0830-1 Final 1 1 2018-03-27T14:28:22Z current 2018-03-27T14:28:22Z 2018-03-27T14:28:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for LibVNCServer LibVNCServer was updated to fix two security issues. These security issues were fixed: - CVE-2018-7225: Missing input sanitization inside rfbserver.c rfbProcessClientNormalMessage() (bsc#1081493). - CVE-2016-9942: Heap-based buffer overflow in ultra.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions (bsc#1017712). - CVE-2016-9941: Heap-based buffer overflow in rfbproto.c allowed remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area (bsc#1017711). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-RPI-12-SP2-2018-554,SUSE-SLE-SDK-12-SP2-2018-554,SUSE-SLE-SDK-12-SP3-2018-554,SUSE-SLE-SERVER-12-SP2-2018-554,SUSE-SLE-SERVER-12-SP3-2018-554 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180830-1/ Link for SUSE-SU-2018:0830-1 https://lists.suse.com/pipermail/sle-security-updates/2018-March/003847.html E-Mail link for SUSE-SU-2018:0830-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1017711 SUSE Bug 1017711 https://bugzilla.suse.com/1017712 SUSE Bug 1017712 https://bugzilla.suse.com/1081493 SUSE Bug 1081493 https://www.suse.com/security/cve/CVE-2016-9941/ SUSE CVE CVE-2016-9941 page https://www.suse.com/security/cve/CVE-2016-9942/ SUSE CVE CVE-2016-9942 page https://www.suse.com/security/cve/CVE-2018-7225/ SUSE CVE CVE-2018-7225 page SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP3 libvncclient0-0.9.9-17.5.1 libvncserver0-0.9.9-17.5.1 LibVNCServer-devel-0.9.9-17.5.1 libvncclient0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server 12 SP2 libvncserver0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server 12 SP2 libvncclient0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server 12 SP3 libvncserver0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server 12 SP3 libvncclient0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libvncserver0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libvncclient0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libvncserver0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libvncclient0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libvncserver0-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 LibVNCServer-devel-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 LibVNCServer-devel-0.9.9-17.5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. CVE-2016-9941 SUSE Linux Enterprise Server 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:LibVNCServer-devel-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP3:LibVNCServer-devel-0.9.9-17.5.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180830-1/ https://www.suse.com/security/cve/CVE-2016-9941.html CVE-2016-9941 https://bugzilla.suse.com/1017711 SUSE Bug 1017711 https://bugzilla.suse.com/1019274 SUSE Bug 1019274 Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions. CVE-2016-9942 SUSE Linux Enterprise Server 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:LibVNCServer-devel-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP3:LibVNCServer-devel-0.9.9-17.5.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180830-1/ https://www.suse.com/security/cve/CVE-2016-9942.html CVE-2016-9942 https://bugzilla.suse.com/1017712 SUSE Bug 1017712 https://bugzilla.suse.com/1019274 SUSE Bug 1019274 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. CVE-2018-7225 SUSE Linux Enterprise Server 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncclient0-0.9.9-17.5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libvncserver0-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:LibVNCServer-devel-0.9.9-17.5.1 SUSE Linux Enterprise Software Development Kit 12 SP3:LibVNCServer-devel-0.9.9-17.5.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180830-1/ https://www.suse.com/security/cve/CVE-2018-7225.html CVE-2018-7225 https://bugzilla.suse.com/1081493 SUSE Bug 1081493 https://bugzilla.suse.com/1090647 SUSE Bug 1090647