openSUSE-SU-2020:0087

https://github.com/CendioOssman/tigervnc/commit/b4ada8d0c6dac98c8b91fc64d112569a8ae5fb95

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has tigervnc packages installed that are affected by multiple vulnerabilities:

  - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect     usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to     access stack variable, which has been already freed during the process of stack unwinding. Exploitation of     this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered     from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially result into remote code execution. This attack appear     to be exploitable via network connectivity. (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat.
    Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation     of this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     use-after-return, which occurs due to incorrect usage     of stack memory in ZRLEDecoder. If decoding routine     would throw an exception, ZRLEDecoder may try to access     stack variable, which has been already freed during the     process of stack unwinding. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow. Vulnerability could be triggered from     CopyRectDecoder due to incorrect value checks.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to     the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs     due to insufficient sanitization of PixelFormat. Since     remote attacker can choose offset from start of the     buffer to start writing his values, exploitation of     this vulnerability could potentially result into remote     code execution. This attack appear to be exploitable     via network connectivity.(CVE-2019-15695)

  - In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in     TigerVNC before 1.11.0, viewers mishandle TLS     certificate exceptions. They store the certificates as     authorities, meaning that the owner of a certificate     could impersonate any server after a client had added     an exception.(CVE-2020-26117)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in     TigerVNC before 1.11.0, viewers mishandle TLS     certificate exceptions. They store the certificates as     authorities, meaning that the owner of a certificate     could impersonate any server after a client had added     an exception.(CVE-2020-26117)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     use-after-return, which occurs due to incorrect usage     of stack memory in ZRLEDecoder. If decoding routine     would throw an exception, ZRLEDecoder may try to access     stack variable, which has been already freed during the     process of stack unwinding. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow. Vulnerability could be triggered from     CopyRectDecoder due to incorrect value checks.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to     the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs     due to insufficient sanitization of PixelFormat. Since     remote attacker can choose offset from start of the     buffer to start writing his values, exploitation of     this vulnerability could potentially result into remote     code execution. This attack appear to be exploitable     via network connectivity.(CVE-2019-15695)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:1497 advisory.

  - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tigervnc installed on the remote host is prior to 1.8.0-21.34. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1470 advisory.

  - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect     usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to     access stack variable, which has been already freed during the process of stack unwinding. Exploitation of     this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered     from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially result into remote code execution. This attack appear     to be exploitable via network connectivity. (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat.
    Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation     of this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1470 advisory.

  - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect     usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to     access stack variable, which has been already freed during the process of stack unwinding. Exploitation of     this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered     from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially result into remote code execution. This attack appear     to be exploitable via network connectivity. (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat.
    Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation     of this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This plugin has been deprecated due to Amazon pulling the previously published advisory.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1552 advisory.

  - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect     usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to     access stack variable, which has been already freed during the process of stack unwinding. Exploitation of     this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered     from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially result into remote code execution. This attack appear     to be exploitable via network connectivity. (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat.
    Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation     of this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Security Fix(es) :

  - tigervnc: Stack use-after-return due to incorrect usage     of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from     CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in     TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in     DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in     CMsgReader::readSetCursor (CVE-2019-15695)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3875 advisory.

  - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3875 advisory.

  - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect     usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to     access stack variable, which has been already freed during the process of stack unwinding. Exploitation of     this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered     from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially result into remote code execution. This attack appear     to be exploitable via network connectivity. (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat.
    Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation     of this vulnerability could potentially result into remote code execution. This attack appear to be     exploitable via network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3875 advisory.

  - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     use-after-return, which occurs due to incorrect usage     of stack memory in ZRLEDecoder. If decoding routine     would throw an exception, ZRLEDecoder may try to access     stack variable, which has been already freed during the     process of stack unwinding. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow. Vulnerability could be triggered from     CopyRectDecoder due to incorrect value checks.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity.(CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to     the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear     to be exploitable via network     connectivity.(CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs     due to insufficient sanitization of PixelFormat. Since     remote attacker can choose offset from start of the     buffer to start writing his values, exploitation of     this vulnerability could potentially result into remote     code execution. This attack appear to be exploitable     via network connectivity.(CVE-2019-15695)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote NewStart CGSL host, running version MAIN 6.01, has tigervnc packages installed that are affected by multiple vulnerabilities:

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     use-after-return, which occurs due to incorrect usage of     stack memory in ZRLEDecoder. If decoding routine would     throw an exception, ZRLEDecoder may try to access stack     variable, which has been already freed during the     process of stack unwinding. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity. (CVE-2019-15691)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow. Vulnerability could be triggered from     CopyRectDecoder due to incorrect value checks.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to     be exploitable via network connectivity.
    (CVE-2019-15692)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which occurs in     TightDecoder::FilterGradient. Exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity. (CVE-2019-15693)

  - TigerVNC version prior to 1.10.1 is vulnerable to heap     buffer overflow, which could be triggered from     DecodeManager::decodeRect. Vulnerability occurs due to     the signdness error in processing MemOutStream.
    Exploitation of this vulnerability could potentially     result into remote code execution. This attack appear to     be exploitable via network connectivity.
    (CVE-2019-15694)

  - TigerVNC version prior to 1.10.1 is vulnerable to stack     buffer overflow, which could be triggered from     CMsgReader::readSetCursor. This vulnerability occurs due     to insufficient sanitization of PixelFormat. Since     remote attacker can choose offset from start of the     buffer to start writing his values, exploitation of this     vulnerability could potentially result into remote code     execution. This attack appear to be exploitable via     network connectivity. (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for tigervnc fixes the following issues :

CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856).

CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250).

CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858).

CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251).

CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860).

Other bugs fixed :

Fix random connection freezes (bsc#1169952, bsc#1160249, bsc#1165680) :

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1497 advisory.

  - tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

From Red Hat Security Advisory 2020:1497 :

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1497 advisory.

  - tigervnc: Stack use-after-return due to incorrect usage     of stack memory in ZRLEDecoder (CVE-2019-15691)

  - tigervnc: Heap buffer overflow triggered from     CopyRectDecoder due to incorrect value checks     (CVE-2019-15692)

  - tigervnc: Heap buffer overflow in     TightDecoder::FilterGradient (CVE-2019-15693)

  - tigervnc: Heap buffer overflow in     DecodeManager::decodeRect (CVE-2019-15694)

  - tigervnc: Stack buffer overflow in     CMsgReader::readSetCursor (CVE-2019-15695)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for tigervnc provides the following fixes :

Security issues fixed :

CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856).

CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250).

CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858).

CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251).

CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860).

Non-security issue fixed :

Make sure CN in generated certificate doesn't exceed 64 characters.
(bnc#1041847)

Change with-vnc-key.sh to generate TLS certificate using current hostname to keep it short. (bsc#1041847)

Disable MIT-SHM extension when running under user 'vnc'. (bsc#1053373)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tigervnc fixes the following issues :

CVE-2019-15691: Fixed a use-after-return due to incorrect usage of stack memory in ZRLEDecoder (bsc#1159856).

CVE-2019-15692: Fixed a heap-based buffer overflow in CopyRectDecode (bsc#1160250).

CVE-2019-15693: Fixed a heap-based buffer overflow in TightDecoder::FilterGradient (bsc#1159858).

CVE-2019-15694: Fixed a heap-based buffer overflow, caused by improper error handling in processing MemOutStream (bsc#1160251).

CVE-2019-15695: Fixed a stack-based buffer overflow, which could be triggered from CMsgReader::readSetCursor (bsc#1159860).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for tigervnc fixes the following issues :

  - CVE-2019-15691: Fixed a use-after-return due to     incorrect usage of stack memory in ZRLEDecoder     (bsc#1159856).

  - CVE-2019-15692: Fixed a heap-based buffer overflow in     CopyRectDecode (bsc#1160250).

  - CVE-2019-15693: Fixed a heap-based buffer overflow in     TightDecoder::FilterGradient (bsc#1159858).

  - CVE-2019-15694: Fixed a heap-based buffer overflow,     caused by improper error handling in processing     MemOutStream (bsc#1160251).

  - CVE-2019-15695: Fixed a stack-based buffer overflow,     which could be triggered from CMsgReader::readSetCursor     (bsc#1159860).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

ID	Name	Product	Family	Severity
147375	NewStart CGSL CORE 5.04 / MAIN 5.04 : tigervnc Multiple Vulnerabilities (NS-SA-2021-0035)	Nessus	NewStart CGSL Local Security Checks	high
146755	EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369)	Nessus	Huawei Local Security Checks	high
146169	EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2021-1237)	Nessus	Huawei Local Security Checks	high
146003	CentOS 8 : tigervnc (CESA-2020:1497)	Nessus	CentOS Local Security Checks	high
145143	EulerOS 2.0 SP3 : tigervnc (EulerOS-SA-2021-1127)	Nessus	Huawei Local Security Checks	high
144989	Amazon Linux AMI : tigervnc (ALAS-2021-1470)	Nessus	Amazon Linux Local Security Checks	high
144468	Amazon Linux AMI : tigervnc (ALAS-2020-1470) (deprecated)	Nessus	Amazon Linux Local Security Checks	high
141997	Amazon Linux 2 : tigervnc (ALAS-2020-1552)	Nessus	Amazon Linux Local Security Checks	high
141653	Scientific Linux Security Update : tigervnc on SL7.x x86_64 (20201001)	Nessus	Scientific Linux Local Security Checks	high
141600	CentOS 7 : tigervnc (CESA-2020:3875)	Nessus	CentOS Local Security Checks	high
141215	Oracle Linux 7 : tigervnc (ELSA-2020-3875)	Nessus	Oracle Linux Local Security Checks	high
141028	RHEL 7 : tigervnc (RHSA-2020:3875)	Nessus	Red Hat Local Security Checks	high
139988	EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2020-1885)	Nessus	Huawei Local Security Checks	high
138772	NewStart CGSL MAIN 6.01 : tigervnc Multiple Vulnerabilities (NS-SA-2020-0032)	Nessus	NewStart CGSL Local Security Checks	high
138296	SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:1749-1)	Nessus	SuSE Local Security Checks	high
135876	RHEL 8 : tigervnc (RHSA-2020:1497)	Nessus	Red Hat Local Security Checks	high
135748	Oracle Linux 8 : tigervnc (ELSA-2020-1497)	Nessus	Oracle Linux Local Security Checks	high
133395	SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0266-1)	Nessus	SuSE Local Security Checks	high
133201	SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0159-1)	Nessus	SuSE Local Security Checks	high
133173	openSUSE Security Update : tigervnc (openSUSE-2020-87)	Nessus	SuSE Local Security Checks	high
133035	SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0113-1)	Nessus	SuSE Local Security Checks	high
133034	SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0112-1)	Nessus	SuSE Local Security Checks	high

CVE-2019-15693

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high