Oval Definition:	oval:org.opensuse.security:def:53897
Revision Date: 2020-12-01 Version: 1 Title: Security update for LibVNCServer (Important) Description: This update for LibVNCServer fixes the following issues: - security update - added patches fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak + LibVNCServer-CVE-2018-21247.patch fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() + LibVNCServer-CVE-2019-20839.patch fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service + LibVNCServer-CVE-2019-20840.patch fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c + LibVNCServer-CVE-2020-14398.patch fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c + LibVNCServer-CVE-2020-14397.patch fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. + LibVNCServer-CVE-2020-14399.patch fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. + LibVNCServer-CVE-2020-14400.patch fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c + LibVNCServer-CVE-2020-14401.patch fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. + LibVNCServer-CVE-2020-14402,14403,14404.patch fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Family: unix Class: patch Status: Reference(s): 1002414 1005778 1005780 1005781 1007739 1007740 1007741 1007742 1007743 1007744 1007747 1009062 1012382 1014543 1014975 1015336 1015337 1015340 1015342 1015343 1022604 1022743 1024296 1024532 1024536 1031492 1034539 1036215 1043598 1044596 1056415 1056427 1060799 1064715 1064716 1068032 1075087 1075091 1075994 1076263 1078497 1078701 1079096 1080157 1082153 1082216 1082233 1082234 1082299 1082485 1082962 1083125 1083635 1083650 1083900 1084721 1085058 1085185 1085511 1085958 1087082 1088242 1088865 1089023 1089115 1089198 1089393 1089608 1089644 1089752 1089895 1089925 1090225 1090638 1090643 1090658 1090663 1090708 1090718 1090734 1090953 1091041 1091325 1091728 1091925 1091960 1092061 1092289 1092497 1092566 1092904 1093008 1093144 1093215 1094019 1173477 1173691 1173694 1173700 1173701 1173743 1173874 1173875 1173876 1173880 802154 814440 867595 904017 904348 905959 916897 916914 921949 924493 930145 933514 935961 936076 936773 939826 939926 940853 941202 941867 942938 944749 945626 946078 947241 947321 947478 948521 948685 948831 949100 949463 949504 949706 949744 950013 950750 950862 950998 951110 951165 951199 951440 951546 952666 952758 953796 953980 954635 955148 955224 955422 955533 955644 956047 956053 956703 956711 966170 966172 966186 966191 966822 969476 969477 981348 999817 CVE-2007-5970 CVE-2008-7247 CVE-2009-2473 CVE-2009-2474 CVE-2009-4019 CVE-2009-4028 CVE-2009-4030 CVE-2010-4540 CVE-2010-4541 CVE-2010-4542 CVE-2010-4543 CVE-2010-5298 CVE-2011-2896 CVE-2012-3236 CVE-2012-5576 CVE-2012-5615 CVE-2013-1976 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-1829 CVE-2014-1830 CVE-2014-2494 CVE-2014-3470 CVE-2014-3636 CVE-2014-4207 CVE-2014-4258 CVE-2014-4260 CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464 CVE-2014-6469 CVE-2014-6474 CVE-2014-6478 CVE-2014-6484 CVE-2014-6489 CVE-2014-6491 CVE-2014-6494 CVE-2014-6495 CVE-2014-6496 CVE-2014-6500 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520 CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564 CVE-2014-6568 CVE-2014-7824 CVE-2014-8964 CVE-2015-0272 CVE-2015-0374 CVE-2015-0381 CVE-2015-0382 CVE-2015-0391 CVE-2015-0411 CVE-2015-0432 CVE-2015-0433 CVE-2015-0441 CVE-2015-0499 CVE-2015-0501 CVE-2015-0505 CVE-2015-1545 CVE-2015-1546 CVE-2015-2296 CVE-2015-2325 CVE-2015-2326 CVE-2015-2568 CVE-2015-2571 CVE-2015-2573 CVE-2015-2925 CVE-2015-3152 CVE-2015-4792 CVE-2015-4802 CVE-2015-4807 CVE-2015-4815 CVE-2015-4826 CVE-2015-4830 CVE-2015-4836 CVE-2015-4858 CVE-2015-4861 CVE-2015-4870 CVE-2015-4913 CVE-2015-5283 CVE-2015-5307 CVE-2015-5969 CVE-2015-7799 CVE-2015-7872 CVE-2015-7990 CVE-2015-8104 CVE-2016-0505 CVE-2016-0546 CVE-2016-0596 CVE-2016-0597 CVE-2016-0598 CVE-2016-0600 CVE-2016-0606 CVE-2016-0608 CVE-2016-0609 CVE-2016-0616 CVE-2016-0640 CVE-2016-0641 CVE-2016-0642 CVE-2016-0643 CVE-2016-0644 CVE-2016-0646 CVE-2016-0647 CVE-2016-0648 CVE-2016-0649 CVE-2016-0650 CVE-2016-0651 CVE-2016-0655 CVE-2016-0666 CVE-2016-0668 CVE-2016-0729 CVE-2016-2047 CVE-2016-3477 CVE-2016-3492 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440 CVE-2016-5584 CVE-2016-5624 CVE-2016-5626 CVE-2016-5629 CVE-2016-6662 CVE-2016-6663 CVE-2016-6664 CVE-2016-7440 CVE-2016-7445 CVE-2016-8283 CVE-2016-8332 CVE-2016-9112 CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 CVE-2016-9572 CVE-2016-9573 CVE-2016-9580 CVE-2016-9581 CVE-2017-10268 CVE-2017-10320 CVE-2017-10365 CVE-2017-10378 CVE-2017-13089 CVE-2017-13090 CVE-2017-15365 CVE-2017-17833 CVE-2017-18922 CVE-2017-3238 CVE-2017-3243 CVE-2017-3244 CVE-2017-3257 CVE-2017-3258 CVE-2017-3265 CVE-2017-3291 CVE-2017-3302 CVE-2017-3308 CVE-2017-3309 CVE-2017-3312 CVE-2017-3313 CVE-2017-3317 CVE-2017-3318 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 CVE-2017-3636 CVE-2017-3641 CVE-2017-3653 CVE-2018-0494 CVE-2018-1000199 CVE-2018-10087 CVE-2018-10124 CVE-2018-1065 CVE-2018-1130 CVE-2018-21247 CVE-2018-2562 CVE-2018-2612 CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668 CVE-2018-2755 CVE-2018-2759 CVE-2018-2761 CVE-2018-2766 CVE-2018-2767 CVE-2018-2771 CVE-2018-2777 CVE-2018-2781 CVE-2018-2782 CVE-2018-2784 CVE-2018-2786 CVE-2018-2787 CVE-2018-2810 CVE-2018-2813 CVE-2018-2817 CVE-2018-2819 CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 CVE-2018-3639 CVE-2018-5803 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6797 CVE-2018-6798 CVE-2018-6913 CVE-2018-7492 CVE-2018-8781 CVE-2019-20839 CVE-2019-20840 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 SUSE-SU-2015:1077-1 SUSE-SU-2015:2194-1 SUSE-SU-2016:1026-1 SUSE-SU-2016:3270-1 SUSE-SU-2017:2871-2 SUSE-SU-2018:0548-1 SUSE-SU-2018:1074-1 SUSE-SU-2018:1366-1 SUSE-SU-2018:1373-1 SUSE-SU-2018:2991-1 SUSE-SU-2020:1922-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND Package Information gpgme-1.10.0-lp150.2 is installed OR libgpgme11-1.10.0-lp150.2 is installed OR libgpgmepp6-1.10.0-lp150.2 is installed OR libqgpgme7-1.10.0-lp150.2 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information graphviz-2.40.1-lp151.6.3 is installed OR graphviz-addons-2.40.1-lp151.6.3 is installed OR graphviz-devel-2.40.1-lp151.6.3 is installed OR graphviz-doc-2.40.1-lp151.6.3 is installed OR graphviz-gd-2.40.1-lp151.6.3 is installed OR graphviz-gnome-2.40.1-lp151.6.3 is installed OR graphviz-guile-2.40.1-lp151.6.3 is installed OR graphviz-gvedit-2.40.1-lp151.6.3 is installed OR graphviz-java-2.40.1-lp151.6.3 is installed OR graphviz-lua-2.40.1-lp151.6.3 is installed OR graphviz-perl-2.40.1-lp151.6.3 is installed OR graphviz-php-2.40.1-lp151.6.3 is installed OR graphviz-plugins-core-2.40.1-lp151.6.3 is installed OR graphviz-python-2.40.1-lp151.6.3 is installed OR graphviz-ruby-2.40.1-lp151.6.3 is installed OR graphviz-smyrna-2.40.1-lp151.6.3 is installed OR graphviz-tcl-2.40.1-lp151.6.3 is installed OR libgraphviz6-2.40.1-lp151.6.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information flash-player-11.2.202.336-0.3 is installed OR flash-player-gnome-11.2.202.336-0.3 is installed OR flash-player-kde4-11.2.202.336-0.3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND a2ps-4.13-1326.37 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information libgcrypt-1.5.0-0.19 is installed OR libgcrypt11-1.5.0-0.19 is installed OR libgcrypt11-32bit-1.5.0-0.19 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND Package Information gimp-2.8.10-1 is installed OR gimp-lang-2.8.10-1 is installed OR gimp-plugins-python-2.8.10-1 is installed OR libgimp-2_0-0-2.8.10-1 is installed OR libgimpui-2_0-0-2.8.10-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information libxerces-c-3_1-3.1.1-7 is installed OR libxerces-c-3_1-32bit-3.1.1-7 is installed OR xerces-c-3.1.1-7 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libopenjp2-7-2.1.0-3 is installed OR openjpeg2-2.1.0-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information openslp-2.0.0-18.17 is installed OR openslp-32bit-2.0.0-18.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND libneon27-0.30.0-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information dbus-1-1.8.16-14 is installed OR dbus-1-x11-1.8.16-14 is installed OR libdbus-1-3-1.8.16-14 is installed OR libdbus-1-3-32bit-1.8.16-14 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_67-60_64_21-default-9-2 is installed OR kgraft-patch-3_12_67-60_64_21-xen-9-2 is installed OR kgraft-patch-SLE12-SP1_Update_10-9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND logwatch-7.4.3-15 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-68.8.0-109.119 is installed OR MozillaFirefox-devel-68.8.0-109.119 is installed OR MozillaFirefox-translations-common-68.8.0-109.119 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_53-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_16-10-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_50-default-7-2 is installed OR kgraft-patch-SLE12-SP2_Update_15-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND kbd-1.15.5-8.7 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-7-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-7-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_162-94_69-default-6-2 is installed OR kgraft-patch-SLE12-SP3_Update_21-6-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information curl-7.37.0-37.26 is installed OR libcurl4-7.37.0-37.26 is installed OR libcurl4-32bit-7.37.0-37.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache2-2.4.23-29.24 is installed OR apache2-doc-2.4.23-29.24 is installed OR apache2-example-pages-2.4.23-29.24 is installed OR apache2-prefork-2.4.23-29.24 is installed OR apache2-utils-2.4.23-29.24 is installed OR apache2-worker-2.4.23-29.24 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information LibVNCServer-0.9.10-4.22 is installed OR libvncclient0-0.9.10-4.22 is installed OR libvncserver0-0.9.10-4.22 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND ruby2.1-rubygem-rack-1.6.4-2 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libmariadb3-3.0.7-1.6 is installed OR mariadb-10.2.22-10 is installed OR mariadb-client-10.2.22-10 is installed OR mariadb-connector-c-3.0.7-1.6 is installed OR mariadb-errormessages-10.2.22-10 is installed OR mariadb-galera-10.2.22-10 is installed OR mariadb-tools-10.2.22-10 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information kafka-0.10.2.2-5.6 is installed OR openstack-monasca-api-2.2.1~dev24-3.6 is installed OR python-monasca-api-2.2.1~dev24-3.6 is installed
BACK