vino-3.22.0-7.9 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11498-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z vino-3.22.0-7.9 on GA media These are all security issues fixed in the vino-3.22.0-7.9 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11498 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-15681/ SUSE CVE CVE-2019-15681 page openSUSE Tumbleweed vino-3.22.0-7.9 vino-lang-3.22.0-7.9 vino-3.22.0-7.9 as a component of openSUSE Tumbleweed vino-lang-3.22.0-7.9 as a component of openSUSE Tumbleweed LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a. CVE-2019-15681 openSUSE Tumbleweed:vino-3.22.0-7.9 openSUSE Tumbleweed:vino-lang-3.22.0-7.9 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-15681.html CVE-2019-15681 https://bugzilla.suse.com/1155419 SUSE Bug 1155419