You are here
Home > Preporuke > Sigurnosni nedostaci programske biblioteke LibVNCServer

Sigurnosni nedostaci programske biblioteke LibVNCServer

openSUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0053-1
Rating: important
References: #1120114 #1120115 #1120116 #1120117 #1120118
#1120119 #1120120 #1120121 #1120122
Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019
CVE-2018-20020 CVE-2018-20021 CVE-2018-20022
CVE-2018-20023 CVE-2018-20024 CVE-2018-6307

Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

Security issues fixed:

– CVE-2018-15126: Fixed use-after-free in file transfer extension
(bsc#1120114)
– CVE-2018-6307: Fixed use-after-free in file transfer extension server
code (bsc#1120115)
– CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC
client code (bsc#1120116)
– CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c
(bsc#1120117)
– CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client
code (bsc#1120118)
– CVE-2018-20023: Fixed information disclosure through improper
initialization in VNC Repeater client code (bsc#1120119)
– CVE-2018-20022: Fixed information disclosure through improper
initialization in VNC client code (bsc#1120120)
– CVE-2018-20024: Fixed NULL pointer dereference in VNC client code
(bsc#1120121)
– CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-53=1

Package List:

– openSUSE Leap 15.0 (i586 x86_64):

LibVNCServer-debugsource-0.9.10-lp150.3.3.1
LibVNCServer-devel-0.9.10-lp150.3.3.1
libvncclient0-0.9.10-lp150.3.3.1
libvncclient0-debuginfo-0.9.10-lp150.3.3.1
libvncserver0-0.9.10-lp150.3.3.1
libvncserver0-debuginfo-0.9.10-lp150.3.3.1

References:

https://www.suse.com/security/cve/CVE-2018-15126.html
https://www.suse.com/security/cve/CVE-2018-15127.html
https://www.suse.com/security/cve/CVE-2018-20019.html
https://www.suse.com/security/cve/CVE-2018-20020.html
https://www.suse.com/security/cve/CVE-2018-20021.html
https://www.suse.com/security/cve/CVE-2018-20022.html
https://www.suse.com/security/cve/CVE-2018-20023.html
https://www.suse.com/security/cve/CVE-2018-20024.html
https://www.suse.com/security/cve/CVE-2018-6307.html
https://bugzilla.suse.com/1120114
https://bugzilla.suse.com/1120115
https://bugzilla.suse.com/1120116
https://bugzilla.suse.com/1120117
https://bugzilla.suse.com/1120118
https://bugzilla.suse.com/1120119
https://bugzilla.suse.com/1120120
https://bugzilla.suse.com/1120121
https://bugzilla.suse.com/1120122


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke libunwind

Otkriven je sigurnosni nedostatak programske biblioteke libunwind za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje stjecanje uvećanih ovlasti. Savjetuje...

Close