Synopsis: Moderate: tigervnc security and bug fix update Advisory ID: SLSA-2020:3875-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-15694 CVE-2019-15692 CVE-2019-15695 CVE-2019-15691 CVE-2019-15693 -- Security Fix(es): * tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691) * tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks (CVE-2019-15692) * tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693) * tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694) * tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695) -- SL7 x86_64 tigervnc-server-minimal-1.8.0-21.el7.x86_64.rpm tigervnc-license-1.8.0-21.el7.noarch.rpm tigervnc-1.8.0-21.el7.x86_64.rpm tigervnc-icons-1.8.0-21.el7.noarch.rpm tigervnc-server-1.8.0-21.el7.x86_64.rpm tigervnc-debuginfo-1.8.0-21.el7.x86_64.rpm tigervnc-server-module-1.8.0-21.el7.x86_64.rpm noarch tigervnc-icons-1.8.0-21.el7.noarch.rpm tigervnc-license-1.8.0-21.el7.noarch.rpm tigervnc-server-applet-1.8.0-21.el7.noarch.rpm - Scientific Linux Development Team