Synopsis: Moderate: tigervnc security and bug fix update
Advisory ID: SLSA-2020:3875-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2019-15694
CVE-2019-15692
CVE-2019-15695
CVE-2019-15691
CVE-2019-15693
—
Security Fix(es):
* tigervnc: Stack use-after-return due to incorrect usage of stack memory
in ZRLEDecoder (CVE-2019-15691)
* tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to
incorrect value checks (CVE-2019-15692)
* tigervnc: Heap buffer overflow in TightDecoder::FilterGradient
(CVE-2019-15693)
* tigervnc: Heap buffer overflow in DecodeManager::decodeRect
(CVE-2019-15694)
* tigervnc: Stack buffer overflow in CMsgReader::readSetCursor
(CVE-2019-15695)
—
SL7
x86_64
tigervnc-server-minimal-1.8.0-21.el7.x86_64.rpm
tigervnc-license-1.8.0-21.el7.noarch.rpm
tigervnc-1.8.0-21.el7.x86_64.rpm
tigervnc-icons-1.8.0-21.el7.noarch.rpm
tigervnc-server-1.8.0-21.el7.x86_64.rpm
tigervnc-debuginfo-1.8.0-21.el7.x86_64.rpm
tigervnc-server-module-1.8.0-21.el7.x86_64.rpm
noarch
tigervnc-icons-1.8.0-21.el7.noarch.rpm
tigervnc-license-1.8.0-21.el7.noarch.rpm
tigervnc-server-applet-1.8.0-21.el7.noarch.rpm
– Scientific Linux Development Team
