openSUSE Security Update: Security update for tigervnc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1028-1 Rating: moderate References: #1031875 #1031877 #1031879 #1031886 #1032880 Cross-References: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for tigervnc provides the several fixes. These security issues were fixed: - CVE-2017-7392, CVE-2017-7396: Client can cause leak in VNC server (bsc#1031886) - CVE-2017-7395: Authenticated VNC client can crash VNC server (bsc#1031877) - CVE-2017-7394: Client can crash or block VNC server (bsc#1031879) - CVE-2017-7393: Authenticated client can cause double free in VNC server (bsc#1031875) - Prevent buffer overflow in VNC client, allowing for crashing the client (bnc#1032880) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-475=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-475=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): libXvnc-devel-1.6.0-16.5.1 libXvnc1-1.6.0-16.5.1 libXvnc1-debuginfo-1.6.0-16.5.1 tigervnc-1.6.0-16.5.1 tigervnc-debuginfo-1.6.0-16.5.1 tigervnc-debugsource-1.6.0-16.5.1 xorg-x11-Xvnc-1.6.0-16.5.1 xorg-x11-Xvnc-debuginfo-1.6.0-16.5.1 - openSUSE Leap 42.1 (i586 x86_64): tigervnc-1.5.0-40.1 tigervnc-debuginfo-1.5.0-40.1 tigervnc-debugsource-1.5.0-40.1 xorg-x11-Xvnc-1.5.0-40.1 xorg-x11-Xvnc-debuginfo-1.5.0-40.1 References: https://www.suse.com/security/cve/CVE-2017-7392.html https://www.suse.com/security/cve/CVE-2017-7393.html https://www.suse.com/security/cve/CVE-2017-7394.html https://www.suse.com/security/cve/CVE-2017-7395.html https://www.suse.com/security/cve/CVE-2017-7396.html https://bugzilla.suse.com/1031875 https://bugzilla.suse.com/1031877 https://bugzilla.suse.com/1031879 https://bugzilla.suse.com/1031886 https://bugzilla.suse.com/1032880