Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: tigervnc security update

Related Vulnerabilities: CVE-2019-15691   CVE-2019-15692   CVE-2019-15693   CVE-2019-15694   CVE-2019-15695   CVE-2019-15692   CVE-2019-15691   CVE-2019-15693   CVE-2019-15694   CVE-2019-15695   CVE-2019-15691   CVE-2019-15692   CVE-2019-15693   CVE-2019-15694   CVE-2019-15695  

Source

Synopsis

Moderate: tigervnc security update

Type/Severity

Security Advisory: Moderate

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)
  • tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks (CVE-2019-15692)
  • tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)
  • tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)
  • tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64

Fixes

  • BZ - 1789527 - CVE-2019-15692 tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks
  • BZ - 1789908 - CVE-2019-15691 tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
  • BZ - 1790313 - CVE-2019-15693 tigervnc: Heap buffer overflow in TightDecoder::FilterGradient
  • BZ - 1790315 - CVE-2019-15694 tigervnc: Heap buffer overflow in DecodeManager::decodeRect
  • BZ - 1790318 - CVE-2019-15695 tigervnc: Stack buffer overflow in CMsgReader::readSetCursor

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started