Oval Definition:oval:org.opensuse.security:def:53045
Revision Date:2020-12-01Version:1
Title:Security update for LibVNCServer (Important)
Description:

This update for LibVNCServer fixes the following issues:

- security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite
Family:unixClass:patch
Status:Reference(s):1111622
1173477
1173691
1173694
1173700
1173701
1173743
1173874
1173875
1173876
1173880
578053
930622
939460
945842
952151
953831
954002
954204
955382
962765
964468
966220
966435
966436
968771
972468
CVE-2007-4772
CVE-2009-0790
CVE-2009-1886
CVE-2009-1888
CVE-2009-2813
CVE-2009-2906
CVE-2009-2948
CVE-2010-0547
CVE-2010-0728
CVE-2010-0750
CVE-2010-0787
CVE-2010-4000
CVE-2010-4651
CVE-2011-1485
CVE-2011-1761
CVE-2012-1586
CVE-2012-2388
CVE-2013-2944
CVE-2013-4233
CVE-2013-4234
CVE-2013-4288
CVE-2013-5018
CVE-2013-6075
CVE-2013-6076
CVE-2014-2338
CVE-2014-8139
CVE-2014-8140
CVE-2014-8141
CVE-2014-9221
CVE-2014-9636
CVE-2015-0797
CVE-2015-1196
CVE-2015-1395
CVE-2015-1396
CVE-2015-2698
CVE-2015-2708
CVE-2015-2709
CVE-2015-2710
CVE-2015-2713
CVE-2015-2716
CVE-2015-3218
CVE-2015-3228
CVE-2015-3255
CVE-2015-3256
CVE-2015-4171
CVE-2015-4625
CVE-2015-5276
CVE-2015-8023
CVE-2015-8079
CVE-2016-0636
CVE-2016-0766
CVE-2016-0773
CVE-2016-10713
CVE-2017-18922
CVE-2018-1000156
CVE-2018-18074
CVE-2018-21247
CVE-2018-6951
CVE-2019-20839
CVE-2019-20840
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
SUSE-SU-2015:0960-1
SUSE-SU-2015:2302-1
SUSE-SU-2016:0555-1
SUSE-SU-2016:0959-1
SUSE-SU-2016:0963-1
SUSE-SU-2019:1487-1
SUSE-SU-2020:1922-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2
SUSE Linux Enterprise Module for Python2 packages 15 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 6
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND libgraphite2-3-1.3.11-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • exim-4.88-lp151.4.6 is installed
  • OR eximon-4.88-lp151.4.6 is installed
  • OR eximstats-html-4.88-lp151.4.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • Mesa-7.11.2-0.9 is installed
  • OR Mesa-32bit-7.11.2-0.9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • bash-3.2-147.22 is installed
  • OR bash-doc-3.2-147.22 is installed
  • OR libreadline5-5.2-147.22 is installed
  • OR libreadline5-32bit-5.2-147.22 is installed
  • OR readline-doc-5.2-147.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • bind-9.9.6P1-0.19 is installed
  • OR bind-libs-9.9.6P1-0.19 is installed
  • OR bind-libs-32bit-9.9.6P1-0.19 is installed
  • OR bind-utils-9.9.6P1-0.19 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • MozillaFirefox-31.7.0esr-34 is installed
  • OR MozillaFirefox-translations-31.7.0esr-34 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND unzip-6.00-32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • ghostscript-9.15-6 is installed
  • OR ghostscript-x11-9.15-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • gnome-shell-3.20.4-76 is installed
  • OR gnome-shell-browser-plugin-3.20.4-76 is installed
  • OR gnome-shell-calendar-3.20.4-76 is installed
  • OR gnome-shell-lang-3.20.4-76 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND cifs-utils-6.5-9.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed
  • AND Package Information
  • LibVNCServer-0.9.10-4.22 is installed
  • OR libvncserver0-0.9.10-4.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed
  • AND Package Information
  • python-requests-2.20.1-6.3 is installed
  • OR python2-requests-2.20.1-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND hardlink-1.0-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_48-default-2-2 is installed
  • OR kgraft-patch-3_12_74-60_64_48-xen-2-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_17-2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • cpio-2.11-29 is installed
  • OR cpio-lang-2.11-29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • ghostscript-9.26a-23.19 is installed
  • OR ghostscript-x11-9.26a-23.19 is installed
  • OR libspectre-0.2.7-12.6 is installed
  • OR libspectre1-0.2.7-12.6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • cups-filters-1.0.58-15.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-15.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-15.2 is installed
  • OR cups-filters-ghostscript-1.0.58-15.2 is installed
  • OR libqpdf18-7.1.1-3.3 is installed
  • OR qpdf-7.1.1-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • kgraft-patch-4_4_114-92_67-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP2_Update_19-6-2 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND
  • kernel-default-4.4.180-94.100 is installed
  • OR kernel-default-base-4.4.180-94.100 is installed
  • OR kernel-default-devel-4.4.180-94.100 is installed
  • OR kernel-default-man-4.4.180-94.100 is installed
  • OR kernel-devel-4.4.180-94.100 is installed
  • OR kernel-macros-4.4.180-94.100 is installed
  • OR kernel-source-4.4.180-94.100 is installed
  • OR kernel-syms-4.4.180-94.100 is installed
  • OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND
  • kernel-default-4.4.180-94.100 is installed
  • OR kernel-default-base-4.4.180-94.100 is installed
  • OR kernel-default-devel-4.4.180-94.100 is installed
  • OR kernel-default-man-4.4.180-94.100 is installed
  • OR kernel-devel-4.4.180-94.100 is installed
  • OR kernel-macros-4.4.180-94.100 is installed
  • OR kernel-source-4.4.180-94.100 is installed
  • OR kernel-syms-4.4.180-94.100 is installed
  • OR kgraft-patch-4_4_180-94_100-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_27-1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • libXfixes3-5.0.1-7 is installed
  • OR libXfixes3-32bit-5.0.1-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • curl-7.37.0-37.43 is installed
  • OR libcurl4-7.37.0-37.43 is installed
  • OR libcurl4-32bit-7.37.0-37.43 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • ntp-4.2.8p12-64.8 is installed
  • OR ntp-doc-4.2.8p12-64.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • cups-filters-1.0.58-19.2 is installed
  • OR cups-filters-cups-browsed-1.0.58-19.2 is installed
  • OR cups-filters-foomatic-rip-1.0.58-19.2 is installed
  • OR cups-filters-ghostscript-1.0.58-19.2 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openstack-ironic-4.2.3~a0~dev14-1 is installed
  • OR openstack-ironic-api-4.2.3~a0~dev14-1 is installed
  • OR openstack-ironic-conductor-4.2.3~a0~dev14-1 is installed
  • OR python-ironic-4.2.3~a0~dev14-1 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • libjpeg-turbo-1.5.3-31.19 is installed
  • OR libjpeg62-62.2.0-31.19 is installed
  • OR libjpeg62-32bit-62.2.0-31.19 is installed
  • OR libjpeg62-turbo-1.5.3-31.19 is installed
  • OR libjpeg8-8.1.2-31.19 is installed
  • OR libjpeg8-32bit-8.1.2-31.19 is installed
  • OR libturbojpeg0-8.1.2-31.19 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND python-cryptography-2.0.3-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Werkzeug-0.14.1-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • postgresql96-9.6.17-3.33 is installed
  • OR postgresql96-contrib-9.6.17-3.33 is installed
  • OR postgresql96-docs-9.6.17-3.33 is installed
  • OR postgresql96-libs-9.6.17-3.33 is installed
  • OR postgresql96-plperl-9.6.17-3.33 is installed
  • OR postgresql96-plpython-9.6.17-3.33 is installed
  • OR postgresql96-pltcl-9.6.17-3.33 is installed
  • OR postgresql96-server-9.6.17-3.33 is installed
    • BACK