[Bug 1160248] New: tigervnc security issues
http://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug ID: 1160248 Summary: tigervnc security issues Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: sndirsch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Meta bug for various tigervnc security issues -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c1
--- Comment #1 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c2
--- Comment #2 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c3
--- Comment #3 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c4
--- Comment #4 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c5
--- Comment #5 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c6
--- Comment #6 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c7
--- Comment #7 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c8
--- Comment #8 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c9
--- Comment #9 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c10
--- Comment #10 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c11
--- Comment #11 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c12
--- Comment #12 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c13
--- Comment #13 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c14
--- Comment #14 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c15
--- Comment #15 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c16
--- Comment #16 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c17
--- Comment #17 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c18
--- Comment #18 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c19
--- Comment #19 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c20
--- Comment #20 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c24
--- Comment #24 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c25
--- Comment #25 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
http://bugzilla.suse.com/show_bug.cgi?id=1160248#c26
--- Comment #26 from Stefan Dirsch
http://bugzilla.suse.com/show_bug.cgi?id=1160248
Stefan Dirsch
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1160251, which changed state. Bug 1160251 Summary: VUL-0: CVE-2019-15694: tigervnc: improper error handling in processing MemOutStream may lead to heap buffer overflow https://bugzilla.suse.com/show_bug.cgi?id=1160251 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1160250, which changed state. Bug 1160250 Summary: VUL-0: CVE-2019-15692: tigervnc: improper value checks in CopyRectDecode may lead to heap buffer overflow https://bugzilla.suse.com/show_bug.cgi?id=1160250 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159860, which changed state. Bug 1159860 Summary: VUL-0: CVE-2019-15695: tigervnc: stack buffer overflow, which could be triggered from CMsgReader::readSetCurso https://bugzilla.suse.com/show_bug.cgi?id=1159860 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159856, which changed state. Bug 1159856 Summary: VUL-0: CVE-2019-15691: tigervnc: stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder https://bugzilla.suse.com/show_bug.cgi?id=1159856 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248 Bug 1160248 depends on bug 1159858, which changed state. Bug 1159858 Summary: VUL-0: CVE-2019-15693: tigervnc: heap buffer overflow in TightDecoder::FilterGradient https://bugzilla.suse.com/show_bug.cgi?id=1159858 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1160248
https://bugzilla.suse.com/show_bug.cgi?id=1160248#c27
Stefan Dirsch
participants (2)
-
bugzilla_noreply@novell.com
-
bugzilla_noreply@suse.com