SUSE-SU-2020:1749-1

Details

This update for tigervnc fixes the following issues:

CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856).
CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250).
CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858).
CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251).
CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860).

Other bugs fixed:

Fix random connection freezes (bsc#1169952, bsc#1160249, bsc#1165680):

Affected Packages

libXvnc1

SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

1.6.0-22.14.1

tigervnc

SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

1.6.0-22.14.1

xorg-x11-Xvnc

SUSE Linux Enterprise Server 12 SP4SUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

1.6.0-22.14.1

References

REPORT

https://bugzilla.suse.com/1159856

REPORT

https://bugzilla.suse.com/1159858

REPORT

https://bugzilla.suse.com/1159860

REPORT

https://bugzilla.suse.com/1160249

REPORT