{"affected":[{"ecosystem_specific":{"binaries":[{"libvncserver0":"0.9.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.10-4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvncclient0":"0.9.10-4.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"LibVNCServer","purl":"pkg:rpm/suse/LibVNCServer&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.10-4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for LibVNCServer fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)\n- CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)\n- CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC client code (bsc#1120116)\n- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)\n- CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client code (bsc#1120118)\n- CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)\n- CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)\n- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)\n- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)\n","id":"SUSE-SU-2019:0080-1","modified":"2019-01-11T16:05:57Z","published":"2019-01-11T16:05:57Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190080-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120114"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120115"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120116"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120117"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120119"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120120"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120121"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120122"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15126"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-15127"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20019"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20020"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20021"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20022"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20023"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6307"}],"related":["CVE-2018-15126","CVE-2018-15127","CVE-2018-20019","CVE-2018-20020","CVE-2018-20021","CVE-2018-20022","CVE-2018-20023","CVE-2018-20024","CVE-2018-6307"],"summary":"Security update for LibVNCServer","upstream":["CVE-2018-15126","CVE-2018-15127","CVE-2018-20019","CVE-2018-20020","CVE-2018-20021","CVE-2018-20022","CVE-2018-20023","CVE-2018-20024","CVE-2018-6307"]}