[Bug 1160248] New: tigervnc security issues
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug ID: 1160248 Summary: tigervnc security issues Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: sndirsch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Meta bug for various tigervnc security issues -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |IN_PROGRESS Depends on| |1159856, 1159858, 1159860 Assignee|security-team@suse.de |sndirsch@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|tigervnc security issues |tigervnc security issues | |(meta bug) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1160250, 1160251 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|1160250, 1160251 | Depends on| |1160250, 1160251 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c1 --- Comment #1 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827054 --> http://bugzilla.suse.com/attachment.cgi?id=827054&action=edit 0001-Make-ZlibInStream-more-robust-against-failures.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c2 --- Comment #2 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827055 --> http://bugzilla.suse.com/attachment.cgi?id=827055&action=edit 0002-Restrict-PixelBuffer-dimensions-to-safe-values.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c3 --- Comment #3 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827056 --> http://bugzilla.suse.com/attachment.cgi?id=827056&action=edit 0003-Handle-empty-Tight-gradient-rects.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c4 --- Comment #4 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827057 --> http://bugzilla.suse.com/attachment.cgi?id=827057&action=edit 0004-Use-size_t-for-lengths-in-stream-objects.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c5 --- Comment #5 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827058 --> http://bugzilla.suse.com/attachment.cgi?id=827058&action=edit 0005-Handle-pixel-formats-with-odd-shift-values.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #827054|0 |1 is obsolete| | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #827055|0 |1 is obsolete| | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #827056|0 |1 is obsolete| | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #827057|0 |1 is obsolete| | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #827058|0 |1 is obsolete| | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c6 --- Comment #6 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827062 --> http://bugzilla.suse.com/attachment.cgi?id=827062&action=edit 0001-Make-ZlibInStream-more-robust-against-failures.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c7 --- Comment #7 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827063 --> http://bugzilla.suse.com/attachment.cgi?id=827063&action=edit 0002-Encapsulate-PixelBuffer-internal-details.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c8 --- Comment #8 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827064 --> http://bugzilla.suse.com/attachment.cgi?id=827064&action=edit 0003-Restrict-PixelBuffer-dimensions-to-safe-values.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c9 --- Comment #9 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827065 --> http://bugzilla.suse.com/attachment.cgi?id=827065&action=edit 0004-Add-write-protection-to-OffsetPixelBuffer.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c10 --- Comment #10 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827066 --> http://bugzilla.suse.com/attachment.cgi?id=827066&action=edit 0005-Handle-empty-Tight-gradient-rects.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c11 --- Comment #11 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827067 --> http://bugzilla.suse.com/attachment.cgi?id=827067&action=edit 0006-Add-unit-test-for-PixelFormat-sanity-checks.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c12 --- Comment #12 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827068 --> http://bugzilla.suse.com/attachment.cgi?id=827068&action=edit 0007-Fix-depth-sanity-test-in-PixelFormat.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c13 --- Comment #13 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827070 --> http://bugzilla.suse.com/attachment.cgi?id=827070&action=edit 0008-Add-sanity-checks-for-PixelFormat-shift-values.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c14 --- Comment #14 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827071 --> http://bugzilla.suse.com/attachment.cgi?id=827071&action=edit 0009-Remove-unused-FixedMemOutStream.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c15 --- Comment #15 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827072 --> http://bugzilla.suse.com/attachment.cgi?id=827072&action=edit 0010-Use-size_t-for-lengths-in-stream-objects.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c16 --- Comment #16 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827073 --> http://bugzilla.suse.com/attachment.cgi?id=827073&action=edit 0011-Be-defensive-about-overflows-in-stream-objects.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c17 --- Comment #17 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827074 --> http://bugzilla.suse.com/attachment.cgi?id=827074&action=edit 0012-Add-unit-tests-for-PixelFormat.is888-detection.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c18 --- Comment #18 from Stefan Dirsch <sndirsch@suse.com> --- Created attachment 827075 --> http://bugzilla.suse.com/attachment.cgi?id=827075&action=edit 0013-Handle-pixel-formats-with-odd-shift-values.patch -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c19 --- Comment #19 from Stefan Dirsch <sndirsch@suse.com> --- One needs to add *all* patches from submit requests! https://github.com/TigerVNC/tigervnc/pull/921 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c20 --- Comment #20 from Stefan Dirsch <sndirsch@suse.com> --- According to our security team the fix applies to all codestreams and thus are tracked as affected. That are : SLE15 SLE15-SP1 SLE12-SP4 SLE12-SP2 SLE12-SP1 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c24 --- Comment #24 from Stefan Dirsch <sndirsch@suse.com> --- sle12-sp1: https://build.suse.de/request/show/209269 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c25 --- Comment #25 from Stefan Dirsch <sndirsch@suse.com> --- Everyhing submitted. Now waiting for security team to check this in ... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 http://bugzilla.suse.com/show_bug.cgi?id=1160248#c26 --- Comment #26 from Stefan Dirsch <sndirsch@suse.com> --- Update SRs in order to fix regression, which was tracked in bsc#1160937: https://build.suse.de/request/show/209479 https://build.suse.de/request/show/209480 https://build.suse.de/request/show/209481 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gfx-bugs@suse.de, | |gfx-enterprise-bugs@suse.de | |, sax2-bugs@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1160251, which changed state. Bug 1160251 Summary: VUL-0: CVE-2019-15694: tigervnc: improper error handling in processing MemOutStream may lead to heap buffer overflow https://bugzilla.suse.com/show_bug.cgi?id=1160251 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1160250, which changed state. Bug 1160250 Summary: VUL-0: CVE-2019-15692: tigervnc: improper value checks in CopyRectDecode may lead to heap buffer overflow https://bugzilla.suse.com/show_bug.cgi?id=1160250 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159860, which changed state. Bug 1159860 Summary: VUL-0: CVE-2019-15695: tigervnc: stack buffer overflow, which could be triggered from CMsgReader::readSetCurso https://bugzilla.suse.com/show_bug.cgi?id=1159860 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159856, which changed state. Bug 1159856 Summary: VUL-0: CVE-2019-15691: tigervnc: stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder https://bugzilla.suse.com/show_bug.cgi?id=1159856 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159858, which changed state. Bug 1159858 Summary: VUL-0: CVE-2019-15693: tigervnc: heap buffer overflow in TightDecoder::FilterGradient https://bugzilla.suse.com/show_bug.cgi?id=1159858 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 https://bugzilla.suse.com/show_bug.cgi?id=1160248#c27 Stefan Dirsch <sndirsch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #27 from Stefan Dirsch <sndirsch@suse.com> --- Finally closing this since all blocking bugs were closed meanwhile. -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com