Security update for LibVNCServer SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:1164-2 Final 1 1 2020-07-07T11:43:24Z current 2020-07-07T11:43:24Z 2020-07-07T11:43:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for LibVNCServer This update for LibVNCServer fixes the following issues: - CVE-2019-15690: Fixed a heap buffer overflow (bsc#1160471). - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). - CVE-2019-20788: Fixed a integer overflow and heap-based buffer overflow via a large height or width value (bsc#1170441). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-1164,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1164 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20201164-2/ Link for SUSE-SU-2020:1164-2 https://lists.suse.com/pipermail/sle-security-updates/2020-July/007090.html E-Mail link for SUSE-SU-2020:1164-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1155419 SUSE Bug 1155419 https://bugzilla.suse.com/1160471 SUSE Bug 1160471 https://bugzilla.suse.com/1170441 SUSE Bug 1170441 https://www.suse.com/security/cve/CVE-2019-15681/ SUSE CVE CVE-2019-15681 page https://www.suse.com/security/cve/CVE-2019-15690/ SUSE CVE CVE-2019-15690 page https://www.suse.com/security/cve/CVE-2019-20788/ SUSE CVE CVE-2019-20788 page SUSE Linux Enterprise Module for Package Hub 15 SP1 LibVNCServer-devel-0.9.10-4.14.1 libvncclient0-0.9.10-4.14.1 libvncserver0-0.9.10-4.14.1 libvncserver0-0.9.10-4.14.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP1 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. CVE-2019-15681 SUSE Linux Enterprise Module for Package Hub 15 SP1:libvncserver0-0.9.10-4.14.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201164-2/ https://www.suse.com/security/cve/CVE-2019-15681.html CVE-2019-15681 https://bugzilla.suse.com/1155419 SUSE Bug 1155419 LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution. CVE-2019-15690 SUSE Linux Enterprise Module for Package Hub 15 SP1:libvncserver0-0.9.10-4.14.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201164-2/ https://www.suse.com/security/cve/CVE-2019-15690.html CVE-2019-15690 https://bugzilla.suse.com/1160471 SUSE Bug 1160471 https://bugzilla.suse.com/1170441 SUSE Bug 1170441 libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690. CVE-2019-20788 SUSE Linux Enterprise Module for Package Hub 15 SP1:libvncserver0-0.9.10-4.14.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20201164-2/ https://www.suse.com/security/cve/CVE-2019-20788.html CVE-2019-20788 https://bugzilla.suse.com/1170441 SUSE Bug 1170441 https://bugzilla.suse.com/1173698 SUSE Bug 1173698