Security update for LibVNCServer
Announcement ID: | SUSE-SU-2020:14424-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves six vulnerabilities can now be installed.
Description:
This update for LibVNCServer fixes the following issues:
- security update
- added patches fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c
- LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c
- LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.
- LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.
- LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c
- LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings.
- LibVNCServer-CVE-2020-14402,14403,14404.patch
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Point of Service 11 SP3
zypper in -t patch sleposp3-LibVNCServer-14424=1
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4
zypper in -t patch slessp4-LibVNCServer-14424=1
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-LibVNCServer-14424=1
Package List:
-
SUSE Linux Enterprise Point of Service 11 SP3 (i586)
- LibVNCServer-0.9.1-160.19.1
-
SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 s390x x86_64 i586)
- LibVNCServer-0.9.1-160.19.1
-
SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64 i586)
- LibVNCServer-0.9.1-160.19.1
References:
- https://www.suse.com/security/cve/CVE-2020-14397.html
- https://www.suse.com/security/cve/CVE-2020-14398.html
- https://www.suse.com/security/cve/CVE-2020-14399.html
- https://www.suse.com/security/cve/CVE-2020-14400.html
- https://www.suse.com/security/cve/CVE-2020-14401.html
- https://www.suse.com/security/cve/CVE-2020-14402.html
- https://bugzilla.suse.com/show_bug.cgi?id=1173691
- https://bugzilla.suse.com/show_bug.cgi?id=1173694
- https://bugzilla.suse.com/show_bug.cgi?id=1173700
- https://bugzilla.suse.com/show_bug.cgi?id=1173701
- https://bugzilla.suse.com/show_bug.cgi?id=1173743
- https://bugzilla.suse.com/show_bug.cgi?id=1173880