{"affected":[{"ecosystem_specific":{"binaries":[{"tightvnc":"1.3.9-81.15.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"tightvnc","purl":"pkg:rpm/suse/tightvnc&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.9-81.15.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tightvnc":"1.3.9-81.15.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"tightvnc","purl":"pkg:rpm/suse/tightvnc&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.9-81.15.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tightvnc fixes the following issues:\n\n- CVE-2019-15679: Fixed a heap buffer overflow in InitialiseRFBConnection \n  which might lead to code execution (bsc#1155476). \n- CVE-2019-8287: Fixed a global buffer overflow in HandleCoRREBBPmay which \n  might lead to code execution (bsc#1155472).\n- CVE-2019-15680: Fixed a null pointer dereference in HandleZlibBPP which \n  could have led to denial of service (bsc#1155452).\n- CVE-2019-15678: Fixed a heap buffer overflow in rfbServerCutText handler \n  (bsc#1155442).\n","id":"SUSE-SU-2019:14235-1","modified":"2019-11-29T13:46:58Z","published":"2019-11-29T13:46:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-201914235-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155442"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155452"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155472"},{"type":"REPORT","url":"https://bugzilla.suse.com/1155476"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15678"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15679"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15680"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-8287"}],"related":["CVE-2019-15678","CVE-2019-15679","CVE-2019-15680","CVE-2019-8287"],"summary":"Security update for tightvnc","upstream":["CVE-2019-15678","CVE-2019-15679","CVE-2019-15680","CVE-2019-8287"]}