Headline
RHSA-2023:2830: Red Hat Security Advisory: tigervnc security and bug fix update
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46340: A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order.
- CVE-2022-46341: A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46342: A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46343: A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
- CVE-2022-46344: A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-16
Updated:
2023-05-16
RHSA-2023:2830 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: tigervnc security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 1437569 - x0vncserver incorrectly maps keysym from vncclient running german keyboard
- BZ - 2151755 - CVE-2022-46340 xorg-x11-server: XTestSwapFakeInput stack overflow
- BZ - 2151756 - CVE-2022-46341 xorg-x11-server: XIPassiveUngrab out-of-bounds access
- BZ - 2151757 - CVE-2022-46342 xorg-x11-server: XvdiSelectVideoNotify use-after-free
- BZ - 2151758 - CVE-2022-46343 xorg-x11-server: ScreenSaverSetAttributes use-after-free
- BZ - 2151760 - CVE-2022-46344 xorg-x11-server: XIChangeProperty out-of-bounds access
- BZ - 2151761 - CVE-2022-4283 xorg-x11-server: XkbGetKbdByName use-after-free
- BZ - 2164704 - selinux policy will not allow tigervnc-server to start
- BZ - 2169960 - Backport upstream fix for broken keyboard handling
CVEs
- CVE-2022-4283
- CVE-2022-46340
- CVE-2022-46341
- CVE-2022-46342
- CVE-2022-46343
- CVE-2022-46344
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
Red Hat Enterprise Linux for x86_64 8
SRPM
tigervnc-1.12.0-15.el8_8.src.rpm
SHA-256: b24806c9529f5b2a2e8627f7247ccbc851d9708c5c7400119068d37cad958316
x86_64
tigervnc-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 070074512aba657edb361737bf12e1de94994674088ab987f05f1f7dd3b9d125
tigervnc-debuginfo-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 73a9190ef79c91a8ddc9b13bb642249c2e2090d630803e2ead5c00fca5968f77
tigervnc-debugsource-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 9c1f99fbb5cd8cf9c29eb6c1251c716061e0c245365b80b051ace5021d9f562e
tigervnc-icons-1.12.0-15.el8_8.noarch.rpm
SHA-256: 50ac715afbf2f88c3c32f15d9e115f245f93a9ba536cdfcb706db62a1e4d629b
tigervnc-license-1.12.0-15.el8_8.noarch.rpm
SHA-256: fcc6fc4a757f306d95e5c57bd121cd2669926e0ef52fd31610b98191cc6be168
tigervnc-selinux-1.12.0-15.el8_8.noarch.rpm
SHA-256: bf88f8972879a653eff70dfa79a79733c65f308c538bcb5b61b3a8894820f3ab
tigervnc-server-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 9c1da015cc71f1208a68edfd424bfb332f2a1bf1ae3ce9d39fb061ceca433ff1
tigervnc-server-debuginfo-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 8d3ea519471bbeb974d5734e79ae44074d3e76632532d8cea34f2773f4117854
tigervnc-server-minimal-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 498c4c581f047099a377235c5caf2a90ae4d3319edbab78897398f2872011797
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 9aa968e37f6d2c75b7bae57b59c145296039cdbdef4f944b71b4d98b1db6ba0c
tigervnc-server-module-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 6f694db3b7aa0a26b95a849203358d8024a344b6bcfb1fd769f07222fb59f205
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.x86_64.rpm
SHA-256: 7779ffe8317336253df2f83e963fa35994226be6429fe7a09e142e341a98cb73
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
tigervnc-1.12.0-15.el8_8.src.rpm
SHA-256: b24806c9529f5b2a2e8627f7247ccbc851d9708c5c7400119068d37cad958316
s390x
tigervnc-1.12.0-15.el8_8.s390x.rpm
SHA-256: 50f43cb610d2fe0bea26e7b457a6a3bf7b68ae0a1520aa85fad735cfa31cd9e0
tigervnc-debuginfo-1.12.0-15.el8_8.s390x.rpm
SHA-256: 042312845db229cfa92929539c807459dd8badc34fadf8e04ebc71e603141a9c
tigervnc-debugsource-1.12.0-15.el8_8.s390x.rpm
SHA-256: 06b3e32f28667f5a8a9c1d0b93f131301056ce97fb11c6ee21575f0150142c75
tigervnc-icons-1.12.0-15.el8_8.noarch.rpm
SHA-256: 50ac715afbf2f88c3c32f15d9e115f245f93a9ba536cdfcb706db62a1e4d629b
tigervnc-license-1.12.0-15.el8_8.noarch.rpm
SHA-256: fcc6fc4a757f306d95e5c57bd121cd2669926e0ef52fd31610b98191cc6be168
tigervnc-selinux-1.12.0-15.el8_8.noarch.rpm
SHA-256: bf88f8972879a653eff70dfa79a79733c65f308c538bcb5b61b3a8894820f3ab
tigervnc-server-1.12.0-15.el8_8.s390x.rpm
SHA-256: f031ab0153a3acbda311a1a9ee7ccc904597689eaca9998dd0d666a853a12684
tigervnc-server-debuginfo-1.12.0-15.el8_8.s390x.rpm
SHA-256: 989e2f1c505013377038d0592913066bb13e1a38e3218b1834027ead82651827
tigervnc-server-minimal-1.12.0-15.el8_8.s390x.rpm
SHA-256: 4942c9fb20f92b84dd83fc9f139455bc7c2fc222f916467aa621eb94be7afa8f
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.s390x.rpm
SHA-256: aafe5badac30904be4181c97fda3ddf381dee5500a5c24883fc031acdb940d97
tigervnc-server-module-1.12.0-15.el8_8.s390x.rpm
SHA-256: 9d4ecf0bf85bf0ae1d89cd35b0676e664802e35eddf23d6a0514ead93f3048c3
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.s390x.rpm
SHA-256: 953c55afc63d086d311c461a30f047b18d3da3ae14b7ff1b59ab21b451bc29d0
Red Hat Enterprise Linux for Power, little endian 8
SRPM
tigervnc-1.12.0-15.el8_8.src.rpm
SHA-256: b24806c9529f5b2a2e8627f7247ccbc851d9708c5c7400119068d37cad958316
ppc64le
tigervnc-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: b92b3de6a677b8b07d7c622089bf7559e716212693edb1999d1f68a384868c08
tigervnc-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: d1a20bd3cd73e09cc09a627db322a46a81580da185e54f4d783628acb7659aa8
tigervnc-debugsource-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: e330f821844b8dba59440722fcac351dd6ec2c79013ce65ddd0423ed23917d42
tigervnc-icons-1.12.0-15.el8_8.noarch.rpm
SHA-256: 50ac715afbf2f88c3c32f15d9e115f245f93a9ba536cdfcb706db62a1e4d629b
tigervnc-license-1.12.0-15.el8_8.noarch.rpm
SHA-256: fcc6fc4a757f306d95e5c57bd121cd2669926e0ef52fd31610b98191cc6be168
tigervnc-selinux-1.12.0-15.el8_8.noarch.rpm
SHA-256: bf88f8972879a653eff70dfa79a79733c65f308c538bcb5b61b3a8894820f3ab
tigervnc-server-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: cc0e07b886246b60a67091fe56ca42e68847bcd39e1816736ef950fb3b7b15b1
tigervnc-server-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: 2578cb98b42ae72fde1c5514226c220b6e94426709514452729d9bc746eb8207
tigervnc-server-minimal-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: f159aa2b1578a0ca0816e7f41f9b1b612f560d03e0def5c3962725057dc60867
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: 0f96671f73429945c2797af69ceb2c4d987e63f855431eb1bdb6c0da995930e8
tigervnc-server-module-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: 6d9b98c0927f4b684761419b901c68df3c8dc48c583f0f05a8e95f9796e9bf55
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.ppc64le.rpm
SHA-256: 7b0cb5804b0b31c2d680d7baaff60c1e2f204ed2efcd796f2def559fa7734192
Red Hat Enterprise Linux for ARM 64 8
SRPM
tigervnc-1.12.0-15.el8_8.src.rpm
SHA-256: b24806c9529f5b2a2e8627f7247ccbc851d9708c5c7400119068d37cad958316
aarch64
tigervnc-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 5172dc0b3cf2c8c689b87f07e4664a4714df72670666139464ff0de872951987
tigervnc-debuginfo-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 1ef039822a6f7c7f99085bb7366c288913989542861854dbefe1c17e45105ee8
tigervnc-debugsource-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 0d6ca9255c0d94000f7b97ad6af52369bfb1cbb80eb8d2846ea3f6f424cf85b2
tigervnc-icons-1.12.0-15.el8_8.noarch.rpm
SHA-256: 50ac715afbf2f88c3c32f15d9e115f245f93a9ba536cdfcb706db62a1e4d629b
tigervnc-license-1.12.0-15.el8_8.noarch.rpm
SHA-256: fcc6fc4a757f306d95e5c57bd121cd2669926e0ef52fd31610b98191cc6be168
tigervnc-selinux-1.12.0-15.el8_8.noarch.rpm
SHA-256: bf88f8972879a653eff70dfa79a79733c65f308c538bcb5b61b3a8894820f3ab
tigervnc-server-1.12.0-15.el8_8.aarch64.rpm
SHA-256: d6d821f52c01622020869d6c9c6a66aad5ca66ffbb3afa0083309098f241f40b
tigervnc-server-debuginfo-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 668189b5632c241a8e03f3a3a2d1bb1a2a4140115843eb73df3b90ac37e0a7c5
tigervnc-server-minimal-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 387367f7a7db67746a01271c3b4b5f170c1083e98929d9ead31799558d89a159
tigervnc-server-minimal-debuginfo-1.12.0-15.el8_8.aarch64.rpm
SHA-256: d940ff940d41437e027963714b3c4ded55c7c63e970795c33477c634b513df62
tigervnc-server-module-1.12.0-15.el8_8.aarch64.rpm
SHA-256: 57d030c9633cbe9acd9a2f5abbebda40262b7735f039de9b1695c881a3f3658e
tigervnc-server-module-debuginfo-1.12.0-15.el8_8.aarch64.rpm
SHA-256: a9f829e5110f2a5a0fd0d3f33250340dd4431312496b5e167c4816d7446a65af
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.