Oval Definition:	oval:org.opensuse.security:def:59659
Revision Date: 2020-12-01 Version: 1 Title: Security update for LibVNCServer (Important) Description: This update for LibVNCServer fixes the following issues: - security update fix CVE-2018-21247 [bsc#1173874], uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 [bsc#1173875], buffer overflow in ConnectClientToUnixSock() fix CVE-2019-20840 [bsc#1173876], unaligned accesses in hybiReadAndDecode can lead to denial of service fix CVE-2020-14398 [bsc#1173880], improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c fix CVE-2020-14397 [bsc#1173700], NULL pointer dereference in libvncserver/rfbregion.c fix CVE-2020-14399 [bsc#1173743], Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. fix CVE-2020-14400 [bsc#1173691], Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. fix CVE-2020-14401 [bsc#1173694], potential integer overflows in libvncserver/scale.c fix CVE-2020-14402 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14403 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2020-14404 [bsc#1173701], out-of-bounds access via encodings. fix CVE-2017-18922 [bsc#1173477], preauth buffer overwrite Family: unix Class: patch Status: Reference(s): 1020950 1021364 1024749 1026649 1026650 1027519 1045460 1050469 1078292 1091107 1094508 1098545 1098546 1098998 1102680 1103275 1103276 1103279 1106263 1108813 1110746 1110747 1111014 1111069 1111072 1119553 1119554 1119555 1119556 1119557 1119558 1124211 1126140 1126141 1126192 1126195 1126196 1126197 1126198 1126201 1127400 1133818 1141493 1143797 1146874 1149813 1155787 1167373 1172205 1172265 1173304 1173378 1173380 1173477 1173691 1173694 1173700 1173701 1173743 1173874 1173875 1173876 1173880 1175534 1176343 1176344 1176345 1176346 1176347 1176348 1176349 1176350 CVE-2014-9087 CVE-2016-10165 CVE-2016-4574 CVE-2016-4579 CVE-2016-7586 CVE-2016-7589 CVE-2016-7592 CVE-2016-7599 CVE-2016-7623 CVE-2016-7632 CVE-2016-7635 CVE-2016-7639 CVE-2016-7641 CVE-2016-7645 CVE-2016-7652 CVE-2016-7654 CVE-2016-7656 CVE-2017-12652 CVE-2017-13058 CVE-2017-18922 CVE-2017-2350 CVE-2017-2354 CVE-2017-2355 CVE-2017-2356 CVE-2017-2362 CVE-2017-2363 CVE-2017-2364 CVE-2017-2365 CVE-2017-2366 CVE-2017-2369 CVE-2017-2371 CVE-2017-2373 CVE-2017-2496 CVE-2017-2510 CVE-2017-2518 CVE-2017-2538 CVE-2017-2539 CVE-2017-7018 CVE-2017-7030 CVE-2017-7034 CVE-2017-7037 CVE-2017-7039 CVE-2017-7046 CVE-2017-7048 CVE-2017-7055 CVE-2017-7056 CVE-2017-7061 CVE-2017-7064 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12368 CVE-2018-12599 CVE-2018-12600 CVE-2018-14574 CVE-2018-15468 CVE-2018-15468 CVE-2018-15469 CVE-2018-15470 CVE-2018-16435 CVE-2018-17963 CVE-2018-17963 CVE-2018-17965 CVE-2018-17966 CVE-2018-18016 CVE-2018-18024 CVE-2018-21247 CVE-2018-3646 CVE-2018-4437 CVE-2018-4438 CVE-2018-4441 CVE-2018-4442 CVE-2018-4443 CVE-2018-4464 CVE-2018-5156 CVE-2018-5188 CVE-2019-11091 CVE-2019-12068 CVE-2019-14378 CVE-2019-15890 CVE-2019-17340 CVE-2019-17341 CVE-2019-17342 CVE-2019-17343 CVE-2019-17344 CVE-2019-17345 CVE-2019-17346 CVE-2019-17347 CVE-2019-17348 CVE-2019-18860 CVE-2019-20839 CVE-2019-20840 CVE-2019-7317 CVE-2020-0543 CVE-2020-14059 CVE-2020-14364 CVE-2020-14397 CVE-2020-14398 CVE-2020-14399 CVE-2020-14400 CVE-2020-14401 CVE-2020-14402 CVE-2020-14403 CVE-2020-14404 CVE-2020-15565 CVE-2020-15567 CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25599 CVE-2020-25600 CVE-2020-25601 CVE-2020-25603 CVE-2020-25604 SUSE-SU-2017:2933-1 SUSE-SU-2018:3191-1 SUSE-SU-2018:3490-1 SUSE-SU-2018:3545-1 SUSE-SU-2018:3549-1 SUSE-SU-2019:2769-1 SUSE-SU-2019:3060-2 SUSE-SU-2020:1612-1 SUSE-SU-2020:2167-1 SUSE-SU-2020:2822-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND python3-urllib3-1.22-lp150.4 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-devel-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-lang-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-comicsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-djvudocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-dvidocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-pdfdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-psdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-tiffdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR evince-plugin-xpsdocument-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevdocument3-4-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR libevview3-3-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR nautilus-evince-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceDocument-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed OR typelib-1_0-EvinceView-3_0-3.26.0+20180128.1bd86963-lp151.4.6 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information LibVNCServer-0.9.9-17.31 is installed OR libvncclient0-0.9.9-17.31 is installed OR libvncserver0-0.9.9-17.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-devel-52.9.0esr-109.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND libksba8-1.3.0-23 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND ucode-intel-20191112-13.53 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information java-1_7_1-ibm-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr4.30-38.26 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr4.30-38.26 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information cpio-2.11-36.3 is installed OR cpio-lang-2.11-36.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND python-Django-1.11.11-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information xen-4.9.4_04-3.56 is installed OR xen-doc-html-4.9.4_04-3.56 is installed OR xen-libs-4.9.4_04-3.56 is installed OR xen-libs-32bit-4.9.4_04-3.56 is installed OR xen-tools-4.9.4_04-3.56 is installed OR xen-tools-domU-4.9.4_04-3.56 is installed
BACK