SUSE 5154 Published by

The following updates has been released for openSUSE:

openSUSE-SU-2019:0016-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2019:0019-1: moderate: Security update for discount
openSUSE-SU-2019:0020-1: moderate: Security update for gpg2
openSUSE-SU-2019:0021-1: important: Security update for libgit2
openSUSE-SU-2019:0022-1: important: Security update for gthumb
openSUSE-SU-2019:0042-1: important: Security update for java-1_7_0-openjdk
openSUSE-SU-2019:0043-1: important: Security update for java-1_8_0-openjdk
openSUSE-SU-2019:0044-1: important: Security update for haproxy
openSUSE-SU-2019:0045-1: important: Security update for LibVNCServer



openSUSE-SU-2019:0016-1: moderate: Security update for GraphicsMagick

openSUSE Security Update: Security update for GraphicsMagick
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0016-1
Rating: moderate
References: #1120381
Cross-References: CVE-2018-20467
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for GraphicsMagick fixes the following issue:

Security issue fixed:

- CVE-2018-20467: Fixed infinite loop in coders/bmp.c (boo#1120381)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-16=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

GraphicsMagick-1.3.25-123.1
GraphicsMagick-debuginfo-1.3.25-123.1
GraphicsMagick-debugsource-1.3.25-123.1
GraphicsMagick-devel-1.3.25-123.1
libGraphicsMagick++-Q16-12-1.3.25-123.1
libGraphicsMagick++-Q16-12-debuginfo-1.3.25-123.1
libGraphicsMagick++-devel-1.3.25-123.1
libGraphicsMagick-Q16-3-1.3.25-123.1
libGraphicsMagick-Q16-3-debuginfo-1.3.25-123.1
libGraphicsMagick3-config-1.3.25-123.1
libGraphicsMagickWand-Q16-2-1.3.25-123.1
libGraphicsMagickWand-Q16-2-debuginfo-1.3.25-123.1
perl-GraphicsMagick-1.3.25-123.1
perl-GraphicsMagick-debuginfo-1.3.25-123.1


References:

https://www.suse.com/security/cve/CVE-2018-20467.html
https://bugzilla.suse.com/1120381

--


openSUSE-SU-2019:0019-1: moderate: Security update for discount

openSUSE Security Update: Security update for discount
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0019-1
Rating: moderate
References: #1094809 #1098252
Cross-References: CVE-2018-11468 CVE-2018-12495
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for discount to version 2.2.4 fixes the following issues:

Security issues fixed:

- CVE-2018-11468: Fixed a heap-based buffer over-read in the
__mkd_trim_line function from mkdio.c (boo#1094809)
- CVE-2018-12495: Fixed a heap-based buffer over-read via a crafted file
(boo#1098252)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-19=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-19=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-19=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

discount-2.2.4-7.3.1
discount-debugsource-2.2.4-7.3.1
libmarkdown-devel-2.2.4-7.3.1
libmarkdown2-2.2.4-7.3.1
libmarkdown2-debuginfo-2.2.4-7.3.1

- openSUSE Leap 15.0 (x86_64):

discount-2.2.4-lp150.2.3.1
discount-debugsource-2.2.4-lp150.2.3.1
libmarkdown-devel-2.2.4-lp150.2.3.1
libmarkdown2-2.2.4-lp150.2.3.1
libmarkdown2-debuginfo-2.2.4-lp150.2.3.1

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

discount-2.2.4-bp150.3.3.1
libmarkdown-devel-2.2.4-bp150.3.3.1
libmarkdown2-2.2.4-bp150.3.3.1


References:

https://www.suse.com/security/cve/CVE-2018-11468.html
https://www.suse.com/security/cve/CVE-2018-12495.html
https://bugzilla.suse.com/1094809
https://bugzilla.suse.com/1098252

--


openSUSE-SU-2019:0020-1: moderate: Security update for gpg2

openSUSE Security Update: Security update for gpg2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0020-1
Rating: moderate
References: #1120346
Cross-References: CVE-2018-1000858
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gpg2 fixes the following issue:

Security issue fixed:

- CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability
in dirmngr that can result in Attacker controlled CSRF (bsc#1120346).

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-20=1



Package List:

- openSUSE Leap 15.0 (i586 x86_64):

gpg2-2.2.5-lp150.3.6.1
gpg2-debuginfo-2.2.5-lp150.3.6.1
gpg2-debugsource-2.2.5-lp150.3.6.1

- openSUSE Leap 15.0 (noarch):

gpg2-lang-2.2.5-lp150.3.6.1


References:

https://www.suse.com/security/cve/CVE-2018-1000858.html
https://bugzilla.suse.com/1120346

--


openSUSE-SU-2019:0021-1: important: Security update for libgit2

openSUSE Security Update: Security update for libgit2
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0021-1
Rating: important
References: #1110949 #1114729
Cross-References: CVE-2018-19456
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for libgit2 fixes the following issues:

Security issues fixed:

- CVE-2018-19456: Fixed a code execution by malicious .gitmodules file
(bsc#1110949)
- various string-to-integer and buffer handling fixes (bsc#1114729).

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-21=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

libgit2-24-0.24.1-10.6.1
libgit2-24-debuginfo-0.24.1-10.6.1
libgit2-debugsource-0.24.1-10.6.1
libgit2-devel-0.24.1-10.6.1

- openSUSE Leap 42.3 (x86_64):

libgit2-24-32bit-0.24.1-10.6.1
libgit2-24-debuginfo-32bit-0.24.1-10.6.1


References:

https://www.suse.com/security/cve/CVE-2018-19456.html
https://bugzilla.suse.com/1110949
https://bugzilla.suse.com/1114729

--


openSUSE-SU-2019:0022-1: important: Security update for gthumb

openSUSE Security Update: Security update for gthumb
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0022-1
Rating: important
References: #1113749
Cross-References: CVE-2018-18718
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
openSUSE Backports SLE-15
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gthumb fixes the following issues:

Security issue fixed:

- CVE-2018-18718: Fixed a double-free in add_themes_from_dir function from
dlg-contact-sheet.c (boo#1113749)


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-22=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-22=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-22=1



Package List:

- openSUSE Leap 42.3 (noarch):

gthumb-lang-3.4.2-7.3.1

- openSUSE Leap 42.3 (x86_64):

gthumb-3.4.2-7.3.1
gthumb-debuginfo-3.4.2-7.3.1
gthumb-debugsource-3.4.2-7.3.1
gthumb-devel-3.4.2-7.3.1

- openSUSE Leap 15.0 (x86_64):

gthumb-3.6.1-lp150.3.3.1
gthumb-debuginfo-3.6.1-lp150.3.3.1
gthumb-debugsource-3.6.1-lp150.3.3.1
gthumb-devel-3.6.1-lp150.3.3.1

- openSUSE Leap 15.0 (noarch):

gthumb-lang-3.6.1-lp150.3.3.1

- openSUSE Backports SLE-15 (x86_64):

gthumb-3.6.1-bp150.2.3.1
gthumb-devel-3.6.1-bp150.2.3.1

- openSUSE Backports SLE-15 (noarch):

gthumb-lang-3.6.1-bp150.2.3.1


References:

https://www.suse.com/security/cve/CVE-2018-18718.html
https://bugzilla.suse.com/1113749

--


openSUSE-SU-2019:0042-1: important: Security update for java-1_7_0-openjdk

openSUSE Security Update: Security update for java-1_7_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0042-1
Rating: important
References: #1101644 #1101645 #1101651 #1101656 #1112142
#1112143 #1112144 #1112146 #1112147 #1112152
#1112153
Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-2938
CVE-2018-2940 CVE-2018-2952 CVE-2018-2973
CVE-2018-3136 CVE-2018-3139 CVE-2018-3149
CVE-2018-3169 CVE-2018-3180 CVE-2018-3214
CVE-2018-3639
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 13 vulnerabilities is now available.

Description:

This update for java-1_7_0-openjdk to version 7u201 fixes the following
issues:

Security issues fixed:

- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-16435: heap-based buffer overflow in SetData function in
cmsIT8LoadFromFile
- CVE-2018-2938: Support Derby connections (bsc#1101644)
- CVE-2018-2940: Better stack walking (bsc#1101645)
- CVE-2018-2952: Exception to Pattern Syntax (bsc#1101651)
- CVE-2018-2973: Improve LDAP support (bsc#1101656)
- CVE-2018-3639 cpu speculative store bypass mitigation

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-42=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

java-1_7_0-openjdk-1.7.0.201-54.1
java-1_7_0-openjdk-accessibility-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-debugsource-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-devel-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-devel-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-headless-1.7.0.201-54.1
java-1_7_0-openjdk-bootstrap-headless-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-debugsource-1.7.0.201-54.1
java-1_7_0-openjdk-demo-1.7.0.201-54.1
java-1_7_0-openjdk-demo-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-devel-1.7.0.201-54.1
java-1_7_0-openjdk-devel-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-headless-1.7.0.201-54.1
java-1_7_0-openjdk-headless-debuginfo-1.7.0.201-54.1
java-1_7_0-openjdk-src-1.7.0.201-54.1

- openSUSE Leap 42.3 (noarch):

java-1_7_0-openjdk-javadoc-1.7.0.201-54.1


References:

https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-2938.html
https://www.suse.com/security/cve/CVE-2018-2940.html
https://www.suse.com/security/cve/CVE-2018-2952.html
https://www.suse.com/security/cve/CVE-2018-2973.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://www.suse.com/security/cve/CVE-2018-3639.html
https://bugzilla.suse.com/1101644
https://bugzilla.suse.com/1101645
https://bugzilla.suse.com/1101651
https://bugzilla.suse.com/1101656
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153

--


openSUSE-SU-2019:0043-1: important: Security update for java-1_8_0-openjdk

openSUSE Security Update: Security update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0043-1
Rating: important
References: #1112142 #1112143 #1112144 #1112146 #1112147
#1112148 #1112152 #1112153
Cross-References: CVE-2018-13785 CVE-2018-16435 CVE-2018-3136
CVE-2018-3139 CVE-2018-3149 CVE-2018-3169
CVE-2018-3180 CVE-2018-3183 CVE-2018-3214

Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for java-1_8_0-openjdk to version 8u191 fixes the following
issues:

Security issues fixed:

- CVE-2018-3136: Manifest better support (bsc#1112142)
- CVE-2018-3139: Better HTTP Redirection (bsc#1112143)
- CVE-2018-3149: Enhance JNDI lookups (bsc#1112144)
- CVE-2018-3169: Improve field accesses (bsc#1112146)
- CVE-2018-3180: Improve TLS connections stability (bsc#1112147)
- CVE-2018-3214: Better RIFF reading support (bsc#1112152)
- CVE-2018-13785: Upgrade JDK 8u to libpng 1.6.35 (bsc#1112153)
- CVE-2018-3183: Improve script engine support (bsc#1112148)
- CVE-2018-16435: heap-based buffer overflow in SetData function in
cmsIT8LoadFromFile

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-43=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-43=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.191-30.1
java-1_8_0-openjdk-accessibility-1.8.0.191-30.1
java-1_8_0-openjdk-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-debugsource-1.8.0.191-30.1
java-1_8_0-openjdk-demo-1.8.0.191-30.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-devel-1.8.0.191-30.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-headless-1.8.0.191-30.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-30.1
java-1_8_0-openjdk-src-1.8.0.191-30.1

- openSUSE Leap 42.3 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.191-30.1

- openSUSE Leap 15.0 (i586 x86_64):

java-1_8_0-openjdk-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-accessibility-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-debugsource-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-demo-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-devel-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-headless-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-headless-debuginfo-1.8.0.191-lp150.2.9.2
java-1_8_0-openjdk-src-1.8.0.191-lp150.2.9.2

- openSUSE Leap 15.0 (noarch):

java-1_8_0-openjdk-javadoc-1.8.0.191-lp150.2.9.2


References:

https://www.suse.com/security/cve/CVE-2018-13785.html
https://www.suse.com/security/cve/CVE-2018-16435.html
https://www.suse.com/security/cve/CVE-2018-3136.html
https://www.suse.com/security/cve/CVE-2018-3139.html
https://www.suse.com/security/cve/CVE-2018-3149.html
https://www.suse.com/security/cve/CVE-2018-3169.html
https://www.suse.com/security/cve/CVE-2018-3180.html
https://www.suse.com/security/cve/CVE-2018-3183.html
https://www.suse.com/security/cve/CVE-2018-3214.html
https://bugzilla.suse.com/1112142
https://bugzilla.suse.com/1112143
https://bugzilla.suse.com/1112144
https://bugzilla.suse.com/1112146
https://bugzilla.suse.com/1112147
https://bugzilla.suse.com/1112148
https://bugzilla.suse.com/1112152
https://bugzilla.suse.com/1112153

--


openSUSE-SU-2019:0044-1: important: Security update for haproxy

openSUSE Security Update: Security update for haproxy
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0044-1
Rating: important
References: #1119368 #1119419
Cross-References: CVE-2018-20102 CVE-2018-20103
Affected Products:
openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for haproxy to version 1.8.15 fixes the following issues:

Security issues fixed:

- CVE-2018-20102: Fixed an out-of-bounds read in
dns_validate_dns_response(), which allowed for memory disclosure
(bsc#1119368)
- CVE-2018-20103: Fixed an infinite recursion via crafted packet allows
stack exhaustion and denial of service (bsc#1119419)

Other notable bug fixes:

- Fix off-by-one write in dns_validate_dns_response()
- Fix out-of-bounds read via signedness error in
dns_validate_dns_response()
- Prevent out-of-bounds read in dns_validate_dns_response()
- Prevent out-of-bounds read in dns_read_name()
- Prevent stack-exhaustion via recursion loop in dns_read_name

For a full list of changes, please refer to:
https://www.haproxy.org/download/1.8/src/CHANGELOG

This update was imported from the SUSE:SLE-15:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-44=1



Package List:

- openSUSE Leap 15.0 (x86_64):

haproxy-1.8.15~git0.6b6a350a-lp150.2.6.1
haproxy-debuginfo-1.8.15~git0.6b6a350a-lp150.2.6.1
haproxy-debugsource-1.8.15~git0.6b6a350a-lp150.2.6.1


References:

https://www.suse.com/security/cve/CVE-2018-20102.html
https://www.suse.com/security/cve/CVE-2018-20103.html
https://bugzilla.suse.com/1119368
https://bugzilla.suse.com/1119419

--


openSUSE-SU-2019:0045-1: important: Security update for LibVNCServer

openSUSE Security Update: Security update for LibVNCServer
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0045-1
Rating: important
References: #1120114 #1120115 #1120116 #1120117 #1120118
#1120119 #1120120 #1120121 #1120122
Cross-References: CVE-2018-15126 CVE-2018-15127 CVE-2018-20019
CVE-2018-20020 CVE-2018-20021 CVE-2018-20022
CVE-2018-20023 CVE-2018-20024 CVE-2018-6307

Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for LibVNCServer fixes the following issues:

Security issues fixed:

- CVE-2018-15126: Fixed use-after-free in file transfer extension
(bsc#1120114)
- CVE-2018-6307: Fixed use-after-free in file transfer extension server
code (bsc#1120115)
- CVE-2018-20020: Fixed heap out-of-bound write inside structure in VNC
client code (bsc#1120116)
- CVE-2018-15127: Fixed heap out-of-bounds write in rfbserver.c
(bsc#1120117)
- CVE-2018-20019: Fixed multiple heap out-of-bound writes in VNC client
code (bsc#1120118)
- CVE-2018-20023: Fixed information disclosure through improper
initialization in VNC Repeater client code (bsc#1120119)
- CVE-2018-20022: Fixed information disclosure through improper
initialization in VNC client code (bsc#1120120)
- CVE-2018-20024: Fixed NULL pointer dereference in VNC client code
(bsc#1120121)
- CVE-2018-20021: Fixed infinite loop in VNC client code (bsc#1120122)

This update was imported from the SUSE:SLE-12:Update update project.


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-45=1



Package List:

- openSUSE Leap 42.3 (i586 x86_64):

LibVNCServer-debugsource-0.9.9-16.6.1
LibVNCServer-devel-0.9.9-16.6.1
libvncclient0-0.9.9-16.6.1
libvncclient0-debuginfo-0.9.9-16.6.1
libvncserver0-0.9.9-16.6.1
libvncserver0-debuginfo-0.9.9-16.6.1
linuxvnc-0.9.9-16.6.1
linuxvnc-debuginfo-0.9.9-16.6.1


References:

https://www.suse.com/security/cve/CVE-2018-15126.html
https://www.suse.com/security/cve/CVE-2018-15127.html
https://www.suse.com/security/cve/CVE-2018-20019.html
https://www.suse.com/security/cve/CVE-2018-20020.html
https://www.suse.com/security/cve/CVE-2018-20021.html
https://www.suse.com/security/cve/CVE-2018-20022.html
https://www.suse.com/security/cve/CVE-2018-20023.html
https://www.suse.com/security/cve/CVE-2018-20024.html
https://www.suse.com/security/cve/CVE-2018-6307.html
https://bugzilla.suse.com/1120114
https://bugzilla.suse.com/1120115
https://bugzilla.suse.com/1120116
https://bugzilla.suse.com/1120117
https://bugzilla.suse.com/1120118
https://bugzilla.suse.com/1120119
https://bugzilla.suse.com/1120120
https://bugzilla.suse.com/1120121
https://bugzilla.suse.com/1120122

--