Security update for LibVNCServer SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0196-1 Final 1 1 2019-03-23T11:00:00Z current 2019-03-23T11:00:00Z 2019-03-23T11:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for LibVNCServer This update for LibVNCServer fixes the following issues: Security issues fixed: - CVE-2018-20749: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123828) - CVE-2018-20750: Fixed a heap out of bounds write vulnerability in rfbserver.c (bsc#1123832) - CVE-2018-20748: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1123823) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-196 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00033.html E-Mail link for openSUSE-SU-2019:0196-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1123823 SUSE Bug 1123823 https://bugzilla.suse.com/1123828 SUSE Bug 1123828 https://bugzilla.suse.com/1123832 SUSE Bug 1123832 https://www.suse.com/security/cve/CVE-2018-20748/ SUSE CVE CVE-2018-20748 page https://www.suse.com/security/cve/CVE-2018-20749/ SUSE CVE CVE-2018-20749 page https://www.suse.com/security/cve/CVE-2018-20750/ SUSE CVE CVE-2018-20750 page openSUSE Leap 15.0 LibVNCServer-devel-0.9.10-lp150.3.6.1 libvncclient0-0.9.10-lp150.3.6.1 libvncserver0-0.9.10-lp150.3.6.1 LibVNCServer-devel-0.9.10-lp150.3.6.1 as a component of openSUSE Leap 15.0 libvncclient0-0.9.10-lp150.3.6.1 as a component of openSUSE Leap 15.0 libvncserver0-0.9.10-lp150.3.6.1 as a component of openSUSE Leap 15.0 LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. CVE-2018-20748 openSUSE Leap 15.0:LibVNCServer-devel-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncclient0-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncserver0-0.9.10-lp150.3.6.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00033.html https://www.suse.com/security/cve/CVE-2018-20748.html CVE-2018-20748 https://bugzilla.suse.com/1120118 SUSE Bug 1120118 https://bugzilla.suse.com/1123823 SUSE Bug 1123823 https://bugzilla.suse.com/1155442 SUSE Bug 1155442 LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. CVE-2018-20749 openSUSE Leap 15.0:LibVNCServer-devel-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncclient0-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncserver0-0.9.10-lp150.3.6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00033.html https://www.suse.com/security/cve/CVE-2018-20749.html CVE-2018-20749 https://bugzilla.suse.com/1120117 SUSE Bug 1120117 https://bugzilla.suse.com/1123828 SUSE Bug 1123828 https://bugzilla.suse.com/1123832 SUSE Bug 1123832 LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. CVE-2018-20750 openSUSE Leap 15.0:LibVNCServer-devel-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncclient0-0.9.10-lp150.3.6.1 openSUSE Leap 15.0:libvncserver0-0.9.10-lp150.3.6.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-02/msg00033.html https://www.suse.com/security/cve/CVE-2018-20750.html CVE-2018-20750 https://bugzilla.suse.com/1120117 SUSE Bug 1120117 https://bugzilla.suse.com/1123832 SUSE Bug 1123832