Bugzilla – Bug 1203106
VUL-0: CVE-2020-29260: LibVNCServer: memory leakage via rfbClientCleanup()
Last modified: 2024-04-19 14:02:25 UTC
rh#2124164 libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). Upstream fix: https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec References: https://bugzilla.redhat.com/show_bug.cgi?id=2124164 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29260 https://www.cve.org/CVERecord?id=CVE-2020-29260 https://github.com/LibVNC/libvncserver/commit/bef41f6ec4097a8ee094f90a1b34a708fbd757ec http://www.cvedetails.com/cve/CVE-2020-29260/
No new version containing the fix yet. Affected: - SUSE:SLE-11:Update - SUSE:SLE-12:Update - SUSE:SLE-15:Update - SUSE:SLE-15-SP4:Update - openSUSE:Factory
Package submitted for 15sp4,15,12,11/LibVNCServer. I believe all fixed.
This is an autogenerated message for OBS integration: This bug (1203106) was mentioned in https://build.opensuse.org/request/show/1001885 Factory / LibVNCServer
SUSE-SU-2022:3540-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1203106 CVE References: CVE-2020-29260 JIRA References: Sources used: openSUSE Leap 15.4 (src): LibVNCServer-0.9.13-150400.3.3.1 SUSE Linux Enterprise Workstation Extension 15-SP4 (src): LibVNCServer-0.9.13-150400.3.3.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): LibVNCServer-0.9.13-150400.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3990-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1203106 CVE References: CVE-2020-29260 JIRA References: Sources used: openSUSE Leap 15.4 (src): LibVNCServer-0.9.10-150000.4.29.1 openSUSE Leap 15.3 (src): LibVNCServer-0.9.10-150000.4.29.1 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): LibVNCServer-0.9.10-150000.4.29.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): LibVNCServer-0.9.10-150000.4.29.1 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): LibVNCServer-0.9.10-150000.4.29.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:4330-1: An update that solves one vulnerability and has three fixes is now available. Category: security (moderate) Bug References: 1170916,1203106,1204127,1204129 CVE References: CVE-2020-29260 JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): LibVNCServer-0.9.9-17.41.1 SUSE Linux Enterprise Server 12-SP5 (src): LibVNCServer-0.9.9-17.41.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2023:0029-1: An update that has 5 recommended fixes can now be installed. Category: recommended (important) Bug References: 1170916,1173477,1203106,1204127,1204129 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): LibVNCServer-0.9.10-150000.4.32.3 SUSE Linux Enterprise Workstation Extension 15-SP3 (src): LibVNCServer-0.9.10-150000.4.32.3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): LibVNCServer-0.9.10-150000.4.32.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done