SUSE-SU-2015:0939-1: moderate: Security update for tigervnc, fltk

Tue May 26 03:04:56 MDT 2015

   SUSE Security Update: Security update for tigervnc, fltk
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0939-1
Rating:             moderate
References:         #908738 #911577 #915782 #915810 #920969 
Cross-References:   CVE-2015-0255
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12
______________________________________________________________________________

   An update that solves one vulnerability and has four fixes
   is now available.

Description:

   tigervnc and fltk were updated to fix security issues and non-security
   bugs.

   This security issue was fixed:
   - CVE-2015-0255: Information leak in the XkbSetGeometry request of X
     servers (bnc#915810).

   These non-security issues were fixed:
   - vncviewer-tigervnc does not display mouse cursor shape changes
     (bnc#908738).
   - vnc module for Xorg fails to load on startup, module mismatch
     (bnc#911577).
   - An Xvnc session may become unusable when user logs out (bnc#920969)

   fltk was updated to fix one non-security issue:
   - vncviewer-tigervnc does not display mouse cursor shape changes
     (bnc#908738).

   Additionally tigervnc was updated to 1.4.1, the contained X server was
   updated to to 1.15.2.

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-210=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-210=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-210=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      fltk-debugsource-1.3.2-10.2
      fltk-devel-1.3.2-10.2
      fltk-devel-debuginfo-1.3.2-10.2
      fltk-devel-static-1.3.2-10.2

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      fltk-debugsource-1.3.2-10.2
      libfltk1-1.3.2-10.2
      libfltk1-debuginfo-1.3.2-10.2
      tigervnc-1.4.1-32.1
      tigervnc-debuginfo-1.4.1-32.1
      tigervnc-debugsource-1.4.1-32.1
      xorg-x11-Xvnc-1.4.1-32.1
      xorg-x11-Xvnc-debuginfo-1.4.1-32.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      fltk-debugsource-1.3.2-10.2
      libfltk1-1.3.2-10.2
      libfltk1-debuginfo-1.3.2-10.2
      tigervnc-1.4.1-32.1
      tigervnc-debuginfo-1.4.1-32.1
      tigervnc-debugsource-1.4.1-32.1
      xorg-x11-Xvnc-1.4.1-32.1
      xorg-x11-Xvnc-debuginfo-1.4.1-32.1

References:

   https://www.suse.com/security/cve/CVE-2015-0255.html
   https://bugzilla.suse.com/908738
   https://bugzilla.suse.com/911577
   https://bugzilla.suse.com/915782
   https://bugzilla.suse.com/915810
   https://bugzilla.suse.com/920969