File _patchinfo of Package patchinfo.9870
<patchinfo incident="9870">
<issue tracker="bnc" id="1120120">VUL-0: CVE-2018-20022: LibVNCServer: Improper initialization in VNC client code allows for information disclosure</issue>
<issue tracker="bnc" id="1120121">VUL-0: CVE-2018-20024: LibVNCServer: NULL pointer dereference in VNC client code allows for denial of service</issue>
<issue tracker="bnc" id="1120122">VUL-0: CVE-2018-20021: LibVNCServer: Infinite loop in VNC client code allows for denial of service</issue>
<issue tracker="bnc" id="1120119">VUL-0: CVE-2018-20023: LibVNCServer: Improper initialization in VNC Repeater client code allows for information disclosure</issue>
<issue tracker="bnc" id="1120118">VUL-0: CVE-2018-20019: LibVNCServer: Multiple heap out-of-bound writes in VNC client code</issue>
<issue tracker="bnc" id="1120115">VUL-0: CVE-2018-6307: LibVNCServer: Use-after-free in file transfer extension server code allows for potential code execution</issue>
<issue tracker="bnc" id="1120114">VUL-0: CVE-2018-15126: LibVNCServer: Use-after-free in file transfer extension allows for potential code execution</issue>
<issue tracker="bnc" id="1120117">VUL-0: CVE-2018-15127: LibVNCServer: Heap out-of-bounds write in rfbserver.c:rfbProcessFileTransferReadBuffer() allows for potential code execution</issue>
<issue tracker="bnc" id="1120116">VUL-0: CVE-2018-20020: LibVNCServer: Heap out-of-bound write inside structure in VNC client code allows for potential code execution</issue>
<issue tracker="cve" id="2018-20024"/>
<issue tracker="cve" id="2018-6307"/>
<issue tracker="cve" id="2018-15127"/>
<issue tracker="cve" id="2018-15126"/>
<issue tracker="cve" id="2018-20020"/>
<issue tracker="cve" id="2018-20021"/>
<issue tracker="cve" id="2018-20022"/>
<issue tracker="cve" id="2018-20023"/>
<issue tracker="cve" id="2018-20019"/>
<category>security</category>
<rating>important</rating>
<packager>pgajdos</packager>
<description>This update for LibVNCServer fixes the following issues:
Security issues fixed:
- CVE-2018-15126: Fixed use-after-free in file transfer extension (bsc#1120114)
- CVE-2018-6307: Fixed use-after-free in file transfer extension server code (bsc#1120115)
- CVE-2018-20020: Fixed heap out-of-bounds write inside structure in VNC client code (bsc#1120116)
- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c (bsc#1120117)
- CVE-2018-20019: Fixed multiple heap out-of-bounds writes in VNC client code (bsc#1120118)
- CVE-2018-20023: Fixed information disclosure through improper initialization in VNC Repeater client code (bsc#1120119)
- CVE-2018-20022: Fixed information disclosure through improper initialization in VNC client code (bsc#1120120)
- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code (bsc#1120121)
- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)
</description>
<summary>Security update for LibVNCServer</summary>
</patchinfo>