Security update for vino SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2020:2009-1 Final 1 1 2020-07-22T15:27:54Z current 2020-07-22T15:27:54Z 2020-07-22T15:27:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vino This update for vino fixes the following issues: - CVE-2019-15681: Fixed a memory leak which could have allowed to a remote attacker to read stack memory (bsc#1155419). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2020-2009,SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2009 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2020/suse-su-20202009-1/ Link for SUSE-SU-2020:2009-1 https://lists.suse.com/pipermail/sle-security-updates/2020-July/007169.html E-Mail link for SUSE-SU-2020:2009-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1155419 SUSE Bug 1155419 https://www.suse.com/security/cve/CVE-2019-15681/ SUSE CVE CVE-2019-15681 page SUSE Linux Enterprise Module for Desktop Applications 15 SP1 vino-3.22.0-3.6.76 vino-lang-3.22.0-3.6.76 vino-3.22.0-3.6.76 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 vino-lang-3.22.0-3.6.76 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP1 LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. CVE-2019-15681 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-3.22.0-3.6.76 SUSE Linux Enterprise Module for Desktop Applications 15 SP1:vino-lang-3.22.0-3.6.76 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2020/suse-su-20202009-1/ https://www.suse.com/security/cve/CVE-2019-15681.html CVE-2019-15681 https://bugzilla.suse.com/1155419 SUSE Bug 1155419