Security update for tigervnc, fltk

SUSE Security Update: Security update for tigervnc, fltk
Announcement ID: SUSE-SU-2015:0939-1
Rating: moderate
References: #908738 #911577 #915782 #915810 #920969
Affected Products:
  • SUSE Linux Enterprise Software Development Kit 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12
    		•

    An update that solves one vulnerability and has four fixes is now available.

    Description:

    tigervnc and fltk were updated to fix security issues and non-security
    bugs.

    This security issue was fixed:
    - CVE-2015-0255: Information leak in the XkbSetGeometry request of X
    servers (bnc#915810).

    These non-security issues were fixed:
    - vncviewer-tigervnc does not display mouse cursor shape changes
    (bnc#908738).
    - vnc module for Xorg fails to load on startup, module mismatch
    (bnc#911577).
    - An Xvnc session may become unusable when user logs out (bnc#920969)

    fltk was updated to fix one non-security issue:
    - vncviewer-tigervnc does not display mouse cursor shape changes
    (bnc#908738).

    Additionally tigervnc was updated to 1.4.1, the contained X server was
    updated to to 1.15.2.

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Software Development Kit 12:
      zypper in -t patch SUSE-SLE-SDK-12-2015-210=1
    • SUSE Linux Enterprise Server 12:
      zypper in -t patch SUSE-SLE-SERVER-12-2015-210=1
    • SUSE Linux Enterprise Desktop 12:
      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-210=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):
      • fltk-debugsource-1.3.2-10.2
      • fltk-devel-1.3.2-10.2
      • fltk-devel-debuginfo-1.3.2-10.2
      • fltk-devel-static-1.3.2-10.2
    • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):
      • fltk-debugsource-1.3.2-10.2
      • libfltk1-1.3.2-10.2
      • libfltk1-debuginfo-1.3.2-10.2
      • tigervnc-1.4.1-32.1
      • tigervnc-debuginfo-1.4.1-32.1
      • tigervnc-debugsource-1.4.1-32.1
      • xorg-x11-Xvnc-1.4.1-32.1
      • xorg-x11-Xvnc-debuginfo-1.4.1-32.1
    • SUSE Linux Enterprise Desktop 12 (x86_64):
      • fltk-debugsource-1.3.2-10.2
      • libfltk1-1.3.2-10.2
      • libfltk1-debuginfo-1.3.2-10.2
      • tigervnc-1.4.1-32.1
      • tigervnc-debuginfo-1.4.1-32.1
      • tigervnc-debugsource-1.4.1-32.1
      • xorg-x11-Xvnc-1.4.1-32.1
      • xorg-x11-Xvnc-debuginfo-1.4.1-32.1

    References: