Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
patchinfo.5211
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5211
<patchinfo incident="5211"> <issue tracker="cve" id="2019-15695"/> <issue tracker="cve" id="2019-15694"/> <issue tracker="cve" id="2019-15692"/> <issue tracker="cve" id="2019-15693"/> <issue tracker="cve" id="2019-15691"/> <issue tracker="bnc" id="1159858">VUL-0: CVE-2019-15693: tigervnc: heap buffer overflow in TightDecoder::FilterGradient</issue> <issue tracker="bnc" id="1159860">VUL-0: CVE-2019-15695: tigervnc: stack buffer overflow, which could be triggered from CMsgReader::readSetCurso</issue> <issue tracker="bnc" id="1160250">VUL-0: CVE-2019-15692: tigervnc: improper value checks in CopyRectDecode may lead to heap buffer overflow</issue> <issue tracker="bnc" id="1160251">VUL-0: CVE-2019-15694: tigervnc: improper error handling in processing MemOutStream may lead to heap buffer overflow</issue> <issue tracker="bnc" id="1159856">VUL-0: CVE-2019-15691: tigervnc: stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder</issue> <issue id="1041847" tracker="bnc">Unable to access vnc through browser with default encrypted connection</issue> <issue id="1053373" tracker="bnc">MIT-SHM extension does not work in Xvnc</issue> <issue tracker="bnc" id="1160937">tigervnc update login issues on xvnc</issue> <packager>sndirsch</packager> <rating>important</rating> <category>security</category> <summary>Security update for tigervnc</summary> <description>This update for tigervnc provides the following fixes: Security issues fixed: - CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856). - CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250). - CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858). - CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251). - CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860). Non-security issue fixed: - Make sure CN in generated certificate doesn't exceed 64 characters. (bnc#1041847) - Change with-vnc-key.sh to generate TLS certificate using current hostname to keep it short. (bsc#1041847) - Disable MIT-SHM extension when running under user "vnc". (bsc#1053373) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
