Bugzilla – Bug 962627
VUL-0: CVE-2014-7815: xen: vnc: insufficient bits_per_pixel from the client sanitization
Last modified: 2021-01-22 08:58:18 UTC
+++ This bug was initially created as a clone of Bug #902737 +++ rh#1157641 bits_per_pixel that are less than 8 could result in accessing non-initialized buffers later in the code due to the expectation that bytes_per_pixel value that is used to initialize these buffers is never zero. To fix this check that bits_per_pixel from the client is one of the values that the rfb protocol specification allows. References: https://bugzilla.redhat.com/show_bug.cgi?id=1157641 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
bugbot adjusting priority
This bug may be included in one or more of the submissions listed below. SUSE:SLE-12-SP1:Update: 98638 SUSE:SLE-12:Update: 98642 SUSE:SLE-11-SP4:Update: 98646 SUSE:SLE-11-SP3:Update: 98650 SUSE:SLE-11-SP2:Update: 98654 SUSE:SLE-11-SP1:Update:Teradata: 98658 SUSE:SLE-11-SP1:Update: 98662 SUSE:SLE-10-SP4:Update:Test: 98666 SUSE:SLE-10-SP3:Update:Test: 98670 openSUSE:Factory: 362063 openSUSE:Leap:42.1:Update: 362057 openSUSE:13.2:Update: 362060
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2016-05-06. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62613
openSUSE-SU-2016:0995-1: An update that fixes 33 vulnerabilities is now available. Category: security (important) Bug References: 944463,944697,945989,956829,960334,960707,960725,960835,960861,960862,961332,961358,961691,962335,962360,962611,962627,962632,962642,962758,963782,964413,964431,964452,964644,964925,964929,964950,965156,965315,965317,967012,967969 CVE References: CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5239,CVE-2015-5278,CVE-2015-6815,CVE-2015-6855,CVE-2015-7512,CVE-2015-8345,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2392,CVE-2016-2538 Sources used: openSUSE 13.2 (src): xen-4.4.4_02-43.1
SUSE-SU-2016:1318-1: An update that solves 45 vulnerabilities and has three fixes is now available. Category: security (important) Bug References: 954872,956832,957988,958007,958009,958493,958523,958918,959006,959387,959695,960707,960726,960836,960861,960862,961332,961358,961692,962321,962335,962360,962611,962627,962632,962642,962758,963783,963923,964415,964431,964452,964644,964746,964925,964929,964947,964950,965112,965156,965269,965315,965317,967090,967101,968004,969125,969126 CVE References: CVE-2013-4527,CVE-2013-4529,CVE-2013-4530,CVE-2013-4533,CVE-2013-4534,CVE-2013-4537,CVE-2013-4538,CVE-2013-4539,CVE-2014-0222,CVE-2014-3640,CVE-2014-3689,CVE-2014-7815,CVE-2014-9718,CVE-2015-1779,CVE-2015-5278,CVE-2015-6855,CVE-2015-7512,CVE-2015-7549,CVE-2015-8345,CVE-2015-8504,CVE-2015-8550,CVE-2015-8554,CVE-2015-8555,CVE-2015-8558,CVE-2015-8567,CVE-2015-8568,CVE-2015-8613,CVE-2015-8619,CVE-2015-8743,CVE-2015-8744,CVE-2015-8745,CVE-2015-8817,CVE-2015-8818,CVE-2016-1568,CVE-2016-1570,CVE-2016-1571,CVE-2016-1714,CVE-2016-1922,CVE-2016-1981,CVE-2016-2198,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2392,CVE-2016-2538 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Server 12 (src): xen-4.4.4_02-22.19.1 SUSE Linux Enterprise Desktop 12 (src): xen-4.4.4_02-22.19.1
SUSE-SU-2016:1445-1: An update that fixes 8 vulnerabilities is now available. Category: security (important) Bug References: 960726,962627,964925,964947,965315,965317,967101,969351 CVE References: CVE-2014-0222,CVE-2014-7815,CVE-2015-5278,CVE-2015-8743,CVE-2016-2270,CVE-2016-2271,CVE-2016-2391,CVE-2016-2841 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): xen-3.2.3_17040_46-0.25.1