{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for LibVNCServer","title":"Title of the patch"},{"category":"description","text":"The LibVNCServer package was updated to fix the following security issues:\n\n- bsc#897031: fix several security issues:\n  * CVE-2014-6051: Integer overflow in MallocFrameBuffer() on client side.\n  * CVE-2014-6052: Lack of malloc() return value checking on client side.\n  * CVE-2014-6053: Server crash on a very large ClientCutText message.\n  * CVE-2014-6054: Server crash when scaling factor is set to zero.\n  * CVE-2014-6055: Multiple stack overflows in File Transfer feature.\n- bsc#854151: Restrict the SSL cipher suite.\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-DESKTOP-12-2015-890,SUSE-SLE-SDK-12-2015-890,SUSE-SLE-SERVER-12-2015-890","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2088-1.json"},{"category":"self","summary":"URL for SUSE-SU-2015:2088-1","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20152088-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2015:2088-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2015-November/001696.html"},{"category":"self","summary":"SUSE Bug 854151","url":"https://bugzilla.suse.com/854151"},{"category":"self","summary":"SUSE Bug 897031","url":"https://bugzilla.suse.com/897031"},{"category":"self","summary":"SUSE CVE CVE-2014-6051 page","url":"https://www.suse.com/security/cve/CVE-2014-6051/"},{"category":"self","summary":"SUSE CVE CVE-2014-6052 page","url":"https://www.suse.com/security/cve/CVE-2014-6052/"},{"category":"self","summary":"SUSE CVE CVE-2014-6053 page","url":"https://www.suse.com/security/cve/CVE-2014-6053/"},{"category":"self","summary":"SUSE CVE CVE-2014-6054 page","url":"https://www.suse.com/security/cve/CVE-2014-6054/"},{"category":"self","summary":"SUSE CVE CVE-2014-6055 page","url":"https://www.suse.com/security/cve/CVE-2014-6055/"}],"title":"Security update for LibVNCServer","tracking":{"current_release_date":"2015-12-30T13:04:03Z","generator":{"date":"2015-12-30T13:04:03Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2015:2088-1","initial_release_date":"2015-12-30T13:04:03Z","revision_history":[{"date":"2015-12-30T13:04:03Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"LibVNCServer-devel-0.9.9-16.1.ppc64le","product":{"name":"LibVNCServer-devel-0.9.9-16.1.ppc64le","product_id":"LibVNCServer-devel-0.9.9-16.1.ppc64le"}},{"category":"product_version","name":"libvncclient0-0.9.9-16.1.ppc64le","product":{"name":"libvncclient0-0.9.9-16.1.ppc64le","product_id":"libvncclient0-0.9.9-16.1.ppc64le"}},{"category":"product_version","name":"libvncserver0-0.9.9-16.1.ppc64le","product":{"name":"libvncserver0-0.9.9-16.1.ppc64le","product_id":"libvncserver0-0.9.9-16.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"LibVNCServer-devel-0.9.9-16.1.s390x","product":{"name":"LibVNCServer-devel-0.9.9-16.1.s390x","product_id":"LibVNCServer-devel-0.9.9-16.1.s390x"}},{"category":"product_version","name":"libvncclient0-0.9.9-16.1.s390x","product":{"name":"libvncclient0-0.9.9-16.1.s390x","product_id":"libvncclient0-0.9.9-16.1.s390x"}},{"category":"product_version","name":"libvncserver0-0.9.9-16.1.s390x","product":{"name":"libvncserver0-0.9.9-16.1.s390x","product_id":"libvncserver0-0.9.9-16.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"libvncclient0-0.9.9-16.1.x86_64","product":{"name":"libvncclient0-0.9.9-16.1.x86_64","product_id":"libvncclient0-0.9.9-16.1.x86_64"}},{"category":"product_version","name":"libvncserver0-0.9.9-16.1.x86_64","product":{"name":"libvncserver0-0.9.9-16.1.x86_64","product_id":"libvncserver0-0.9.9-16.1.x86_64"}},{"category":"product_version","name":"LibVNCServer-devel-0.9.9-16.1.x86_64","product":{"name":"LibVNCServer-devel-0.9.9-16.1.x86_64","product_id":"LibVNCServer-devel-0.9.9-16.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12","product":{"name":"SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Software Development Kit 12","product":{"name":"SUSE Linux Enterprise Software Development Kit 12","product_id":"SUSE Linux Enterprise Software Development Kit 12","product_identification_helper":{"cpe":"cpe:/o:suse:sle-sdk:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12","product":{"name":"SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64"},"product_reference":"libvncclient0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Desktop 12","product_id":"SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64"},"product_reference":"libvncserver0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12"},{"category":"default_component_of","full_product_name":{"name":"LibVNCServer-devel-0.9.9-16.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12","product_id":"SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le"},"product_reference":"LibVNCServer-devel-0.9.9-16.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12"},{"category":"default_component_of","full_product_name":{"name":"LibVNCServer-devel-0.9.9-16.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12","product_id":"SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x"},"product_reference":"LibVNCServer-devel-0.9.9-16.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12"},{"category":"default_component_of","full_product_name":{"name":"LibVNCServer-devel-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12","product_id":"SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"},"product_reference":"LibVNCServer-devel-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Software Development Kit 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.ppc64le as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le"},"product_reference":"libvncclient0-0.9.9-16.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.s390x as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x"},"product_reference":"libvncclient0-0.9.9-16.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64"},"product_reference":"libvncclient0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.ppc64le as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le"},"product_reference":"libvncserver0-0.9.9-16.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.s390x as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x"},"product_reference":"libvncserver0-0.9.9-16.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Server 12","product_id":"SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64"},"product_reference":"libvncserver0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le"},"product_reference":"libvncclient0-0.9.9-16.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x"},"product_reference":"libvncclient0-0.9.9-16.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"libvncclient0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64"},"product_reference":"libvncclient0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le"},"product_reference":"libvncserver0-0.9.9-16.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x"},"product_reference":"libvncserver0-0.9.9-16.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"},{"category":"default_component_of","full_product_name":{"name":"libvncserver0-0.9.9-16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12","product_id":"SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64"},"product_reference":"libvncserver0-0.9.9-16.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12"}]},"vulnerabilities":[{"cve":"CVE-2014-6051","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-6051"}],"notes":[{"category":"general","text":"Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-6051","url":"https://www.suse.com/security/cve/CVE-2014-6051"},{"category":"external","summary":"SUSE Bug 897031 for CVE-2014-6051","url":"https://bugzilla.suse.com/897031"},{"category":"external","summary":"SUSE Bug 900896 for CVE-2014-6051","url":"https://bugzilla.suse.com/900896"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-30T13:04:03Z","details":"important"}],"title":"CVE-2014-6051"},{"cve":"CVE-2014-6052","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-6052"}],"notes":[{"category":"general","text":"The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-6052","url":"https://www.suse.com/security/cve/CVE-2014-6052"},{"category":"external","summary":"SUSE Bug 897031 for CVE-2014-6052","url":"https://bugzilla.suse.com/897031"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-30T13:04:03Z","details":"important"}],"title":"CVE-2014-6052"},{"cve":"CVE-2014-6053","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-6053"}],"notes":[{"category":"general","text":"The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-6053","url":"https://www.suse.com/security/cve/CVE-2014-6053"},{"category":"external","summary":"SUSE Bug 897031 for CVE-2014-6053","url":"https://bugzilla.suse.com/897031"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-30T13:04:03Z","details":"important"}],"title":"CVE-2014-6053"},{"cve":"CVE-2014-6054","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-6054"}],"notes":[{"category":"general","text":"The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-6054","url":"https://www.suse.com/security/cve/CVE-2014-6054"},{"category":"external","summary":"SUSE Bug 897031 for CVE-2014-6054","url":"https://bugzilla.suse.com/897031"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-30T13:04:03Z","details":"important"}],"title":"CVE-2014-6054"},{"cve":"CVE-2014-6055","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-6055"}],"notes":[{"category":"general","text":"Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2014-6055","url":"https://www.suse.com/security/cve/CVE-2014-6055"},{"category":"external","summary":"SUSE Bug 897031 for CVE-2014-6055","url":"https://bugzilla.suse.com/897031"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Desktop 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncclient0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.s390x","SUSE Linux Enterprise Server for SAP Applications 12:libvncserver0-0.9.9-16.1.x86_64","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.ppc64le","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.s390x","SUSE Linux Enterprise Software Development Kit 12:LibVNCServer-devel-0.9.9-16.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-30T13:04:03Z","details":"important"}],"title":"CVE-2014-6055"}]}