Oval Definition:	oval:org.opensuse.security:def:52377
Revision Date: 2020-12-01 Version: 1 Title: Security update for LibVNCServer (Important) Description: This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Family: unix Class: patch Status: Reference(s): 1048942 1051510 1058115 1065600 1066382 1071995 1078248 1082635 1089644 1091041 1097975 1103200 1103206 1103990 1103991 1104353 1104427 1104745 1108043 1109837 1111666 1112178 1112374 1113722 1113956 1113994 1114279 1117169 1118661 1119113 1120853 1126390 1127354 1127371 1129770 1131107 1131277 1134983 1135966 1135967 1137223 1137236 1138039 1140948 1142095 1142635 1142924 1143706 1144333 1149032 1149448 1150466 1151067 1151548 1151900 1152782 1153628 1153811 1154043 1154058 1154124 1154355 1154526 1154601 1155021 1155689 1155692 1155836 1155897 1155921 1155982 1156187 1156258 1156429 1156466 1156471 1156494 1156609 1156700 1156729 1156882 1156928 1157032 1157038 1157042 1157044 1157045 1157046 1157049 1157070 1157115 1157143 1157145 1157158 1157160 1157162 1157171 1157173 1157178 1157180 1157182 1157183 1157184 1157191 1157193 1157197 1157298 1157304 1157307 1157324 1157333 1157386 1157424 1157463 1157499 1157678 1157698 1157778 1157908 1158049 1158063 1158064 1158065 1158066 1158067 1158068 1158071 1158082 1158381 1158394 1158398 1158407 1158410 1158413 1158417 1158427 1158445 1160947 1161360 1163524 1163592 1164648 1166965 1170232 1170415 1171417 1172004 1172073 1172366 1173115 1173233 1173477 1173691 1173694 1173700 1173701 1173743 1173874 1173875 1173876 1173880 1175306 1175721 1175749 1175882 1176011 1176235 1176278 1176354 1176381 1176423 1176482 1176485 1176698 1176721 1176722 1176723 1176725 1176732 1176877 1176907 1176922 1176990 1177027 1177086 1177121 1177165 1177206 1177226 1177281 1177410 1177411 1177470 1177511 1177513 1177724 1177725 1177766 1177799 1177801 1178003 1178123 1178166 1178173 1178175 1178176 1178177 1178183 1178184 1178185 1178186 1178190 1178191 1178255 1178307 1178330 1178393 1178395 1178622 1178765 1178782 1178838 CVE-2009-0688 CVE-2011-1898 CVE-2012-0029 CVE-2012-0217 CVE-2012-2625 CVE-2012-3432 CVE-2012-3433 CVE-2012-4411 CVE-2012-4535 CVE-2012-4536 CVE-2012-4537 CVE-2012-4538 CVE-2012-4539 CVE-2012-4544 CVE-2012-5510 CVE-2012-5511 CVE-2012-5513 CVE-2012-5514 CVE-2012-5515 CVE-2012-5525 CVE-2012-5634 CVE-2012-6075 CVE-2013-0151 CVE-2013-0152 CVE-2013-0153 CVE-2013-0157 CVE-2013-1442 CVE-2013-1917 CVE-2013-1918 CVE-2013-1919 CVE-2013-1922 CVE-2013-1952 CVE-2013-2001 CVE-2013-2007 CVE-2013-3495 CVE-2013-4355 CVE-2013-4356 CVE-2013-4361 CVE-2013-4375 CVE-2013-4416 CVE-2013-4494 CVE-2013-4540 CVE-2013-4551 CVE-2013-4553 CVE-2013-4554 CVE-2014-0222 CVE-2014-2892 CVE-2014-3124 CVE-2014-3615 CVE-2014-3675 CVE-2014-3675 CVE-2014-3676 CVE-2014-3676 CVE-2014-3677 CVE-2014-3677 CVE-2014-5146 CVE-2014-5149 CVE-2014-6268 CVE-2014-7154 CVE-2014-7155 CVE-2014-7156 CVE-2014-7188 CVE-2014-8594 CVE-2014-8595 CVE-2014-8866 CVE-2014-8867 CVE-2014-9030 CVE-2014-9065 CVE-2014-9066 CVE-2014-9114 CVE-2015-0361 CVE-2015-2044 CVE-2015-2045 CVE-2015-2151 CVE-2015-2152 CVE-2015-2751 CVE-2015-2752 CVE-2015-2756 CVE-2015-3259 CVE-2015-3340 CVE-2015-3456 CVE-2015-4037 CVE-2015-4103 CVE-2015-4104 CVE-2015-4105 CVE-2015-4106 CVE-2015-5154 CVE-2015-5218 CVE-2015-5239 CVE-2015-5307 CVE-2015-6815 CVE-2015-7311 CVE-2015-7835 CVE-2015-7969 CVE-2015-7970 CVE-2015-7971 CVE-2015-7972 CVE-2016-1544 CVE-2016-5011 CVE-2016-6354 CVE-2017-14731 CVE-2017-18922 CVE-2017-2616 CVE-2017-2816 CVE-2017-2920 CVE-2017-8422 CVE-2018-21247 CVE-2018-5804 CVE-2018-5813 CVE-2018-5815 CVE-2018-5816 CVE-2019-0154 CVE-2019-14895 CVE-2019-14901 CVE-2019-15916 CVE-2019-16231 CVE-2019-17055 CVE-2019-18660 CVE-2019-18683 CVE-2019-18805 CVE-2019-18809 CVE-2019-19046 CVE-2019-19049 CVE-2019-19052 CVE-2019-19056 CVE-2019-19057 CVE-2019-19058 CVE-2019-19060 CVE-2019-19062 CVE-2019-19063 CVE-2019-19065 CVE-2019-19067 CVE-2019-19068 CVE-2019-19073 CVE-2019-19074 CVE-2019-19075 CVE-2019-19077 CVE-2019-19078 CVE-2019-19080 CVE-2019-19081 CVE-2019-19082 CVE-2019-19083 CVE-2019-19227 CVE-2019-19524 CVE-2019-19525 CVE-2019-19528 CVE-2019-19529 CVE-2019-19530 CVE-2019-19531 CVE-2019-19534 CVE-2019-19536 CVE-2019-19543 CVE-2019-20839 CVE-2019-20840 CVE-2020-0404 CVE-2020-0427 CVE-2020-0430 CVE-2020-0431 CVE-2020-0432 CVE-2020-12351 CVE-2020-12352 CVE-2020-12693 CVE-2020-14351 CVE-2020-14381 CVE-2020-14390 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-16120 CVE-2020-25212 CVE-2020-25284 CVE-2020-25285 CVE-2020-25641 CVE-2020-25643 CVE-2020-25645 CVE-2020-25656 CVE-2020-25668 CVE-2020-25704 CVE-2020-25705 CVE-2020-26088 CVE-2020-27673 CVE-2020-27675 CVE-2020-8694 SUSE-SU-2019:0005-1 SUSE-SU-2020:3273-1 SUSE-SU-2020:3532-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information alsa-1.1.5-lp150.4 is installed OR libasound2-1.1.5-lp150.4 is installed OR libasound2-32bit-1.1.5-lp150.4 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information libwireshark9-2.4.15-lp151.2.3 is installed OR libwiretap7-2.4.15-lp151.2.3 is installed OR libwscodecs1-2.4.15-lp151.2.3 is installed OR libwsutil8-2.4.15-lp151.2.3 is installed OR wireshark-2.4.15-lp151.2.3 is installed OR wireshark-devel-2.4.15-lp151.2.3 is installed OR wireshark-ui-qt-2.4.15-lp151.2.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information xorg-x11-libXfixes-7.4-1.16 is installed OR xorg-x11-libXfixes-32bit-7.4-1.16 is installed OR xorg-x11-libXfixes-devel-7.4-1.16 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information MozillaFirefox-38.2.1esr-19 is installed OR MozillaFirefox-branding-SLED-31.0-0.12 is installed OR MozillaFirefox-translations-38.2.1esr-19 is installed OR libfreebl3-3.19.2.0-0.16 is installed OR libfreebl3-32bit-3.19.2.0-0.16 is installed OR libsoftokn3-3.19.2.0-0.16 is installed OR libsoftokn3-32bit-3.19.2.0-0.16 is installed OR mozilla-nss-3.19.2.0-0.16 is installed OR mozilla-nss-32bit-3.19.2.0-0.16 is installed OR mozilla-nss-tools-3.19.2.0-0.16 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information libXxf86vm1-1.1.3-3 is installed OR libXxf86vm1-32bit-1.1.3-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information xen-4.5.1_12-2 is installed OR xen-kmp-default-4.5.1_12_k3.12.49_11-2 is installed OR xen-libs-4.5.1_12-2 is installed OR xen-libs-32bit-4.5.1_12-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND libmms0-0.6.2-15 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information libblkid1-2.29.2-2 is installed OR libblkid1-32bit-2.29.2-2 is installed OR libfdisk1-2.29.2-2 is installed OR libmount1-2.29.2-2 is installed OR libmount1-32bit-2.29.2-2 is installed OR libsmartcols1-2.29.2-2 is installed OR libuuid-devel-2.29.2-2 is installed OR libuuid1-2.29.2-2 is installed OR libuuid1-32bit-2.29.2-2 is installed OR python-libmount-2.29.2-2 is installed OR util-linux-2.29.2-2 is installed OR util-linux-lang-2.29.2-2 is installed OR util-linux-systemd-2.29.2-2 is installed OR uuidd-2.29.2-2 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information cyrus-sasl-2.1.26-8.7 is installed OR cyrus-sasl-32bit-2.1.26-8.7 is installed OR cyrus-sasl-crammd5-2.1.26-8.7 is installed OR cyrus-sasl-crammd5-32bit-2.1.26-8.7 is installed OR cyrus-sasl-digestmd5-2.1.26-8.7 is installed OR cyrus-sasl-digestmd5-32bit-2.1.26-8.7 is installed OR cyrus-sasl-gssapi-2.1.26-8.7 is installed OR cyrus-sasl-gssapi-32bit-2.1.26-8.7 is installed OR cyrus-sasl-plain-2.1.26-8.7 is installed OR cyrus-sasl-plain-32bit-2.1.26-8.7 is installed OR cyrus-sasl-saslauthd-2.1.26-8.7 is installed OR libsasl2-3-2.1.26-8.7 is installed OR libsasl2-3-32bit-2.1.26-8.7 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.22 is installed OR LibVNCServer-devel-0.9.10-4.22 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information colord-gtk-lang-0.1.25-3 is installed OR libcolord-gtk1-0.1.25-3 is installed OR libcolord2-1.1.7-5 is installed OR libcolord2-32bit-1.1.7-5 is installed OR libcolorhug2-1.1.7-5 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_67-60_64_21-default-7-3 is installed OR kgraft-patch-3_12_67-60_64_21-xen-7-3 is installed OR kgraft-patch-SLE12-SP1_Update_10-7-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND squid-3.5.21-23 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libdcerpc-binding0-4.4.2-38.25 is installed OR libdcerpc-binding0-32bit-4.4.2-38.25 is installed OR libdcerpc0-4.4.2-38.25 is installed OR libdcerpc0-32bit-4.4.2-38.25 is installed OR libndr-krb5pac0-4.4.2-38.25 is installed OR libndr-krb5pac0-32bit-4.4.2-38.25 is installed OR libndr-nbt0-4.4.2-38.25 is installed OR libndr-nbt0-32bit-4.4.2-38.25 is installed OR libndr-standard0-4.4.2-38.25 is installed OR libndr-standard0-32bit-4.4.2-38.25 is installed OR libndr0-4.4.2-38.25 is installed OR libndr0-32bit-4.4.2-38.25 is installed OR libnetapi0-4.4.2-38.25 is installed OR libnetapi0-32bit-4.4.2-38.25 is installed OR libsamba-credentials0-4.4.2-38.25 is installed OR libsamba-credentials0-32bit-4.4.2-38.25 is installed OR libsamba-errors0-4.4.2-38.25 is installed OR libsamba-errors0-32bit-4.4.2-38.25 is installed OR libsamba-hostconfig0-4.4.2-38.25 is installed OR libsamba-hostconfig0-32bit-4.4.2-38.25 is installed OR libsamba-passdb0-4.4.2-38.25 is installed OR libsamba-passdb0-32bit-4.4.2-38.25 is installed OR libsamba-util0-4.4.2-38.25 is installed OR libsamba-util0-32bit-4.4.2-38.25 is installed OR libsamdb0-4.4.2-38.25 is installed OR libsamdb0-32bit-4.4.2-38.25 is installed OR libsmbclient0-4.4.2-38.25 is installed OR libsmbclient0-32bit-4.4.2-38.25 is installed OR libsmbconf0-4.4.2-38.25 is installed OR libsmbconf0-32bit-4.4.2-38.25 is installed OR libsmbldap0-4.4.2-38.25 is installed OR libsmbldap0-32bit-4.4.2-38.25 is installed OR libtevent-util0-4.4.2-38.25 is installed OR libtevent-util0-32bit-4.4.2-38.25 is installed OR libwbclient0-4.4.2-38.25 is installed OR libwbclient0-32bit-4.4.2-38.25 is installed OR samba-4.4.2-38.25 is installed OR samba-client-4.4.2-38.25 is installed OR samba-client-32bit-4.4.2-38.25 is installed OR samba-doc-4.4.2-38.25 is installed OR samba-libs-4.4.2-38.25 is installed OR samba-libs-32bit-4.4.2-38.25 is installed OR samba-winbind-4.4.2-38.25 is installed OR samba-winbind-32bit-4.4.2-38.25 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND ucode-intel-20180807-13.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_35-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_12-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information gstreamer-1.8.3-9 is installed OR gstreamer-lang-1.8.3-9 is installed OR gstreamer-utils-1.8.3-9 is installed OR libgstreamer-1_0-0-1.8.3-9 is installed OR libgstreamer-1_0-0-32bit-1.8.3-9 is installed OR typelib-1_0-Gst-1_0-1.8.3-9 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND sudo-1.8.20p2-3.14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND clamav-0.100.3-33.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND clamav-0.100.1-33.15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information e2fsprogs-1.43.8-1 is installed OR libcom_err2-1.43.8-1 is installed OR libcom_err2-32bit-1.43.8-1 is installed OR libext2fs2-1.43.8-1 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information kernel-default-4.12.14-150.63 is installed OR kernel-default-base-4.12.14-150.63 is installed OR kernel-default-devel-4.12.14-150.63 is installed OR kernel-devel-4.12.14-150.63 is installed OR kernel-docs-4.12.14-150.63 is installed OR kernel-macros-4.12.14-150.63 is installed OR kernel-obs-build-4.12.14-150.63 is installed OR kernel-source-4.12.14-150.63 is installed OR kernel-syms-4.12.14-150.63 is installed OR kernel-vanilla-4.12.14-150.63 is installed OR kernel-vanilla-base-4.12.14-150.63 is installed OR reiserfs-kmp-default-4.12.14-150.63 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information libraw-0.18.9-3.5 is installed OR libraw-devel-0.18.9-3.5 is installed OR libraw16-0.18.9-3.5 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.29 is installed OR kernel-default-extra-4.12.14-197.29 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.37 is installed OR kernel-default-extra-5.3.18-24.37 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information ntp-4.2.8p12-64.8 is installed OR ntp-doc-4.2.8p12-64.8 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND cobbler-2.6.6-49.9 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information grafana-4.5.1-4.3 is installed OR kafka-0.9.0.1-5.3 is installed OR logstash-2.4.1-5.4 is installed OR openstack-monasca-installer-20180622_15.06-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-Werkzeug-0.14.1-3.3 is installed
BACK