Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:0665: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Red Hat Security Data
#vulnerability#web#mac#apple#linux#red_hat#nodejs#js#java#kubernetes#rce#aws#ssh#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-02-08

Updated:

2023-02-08

RHSA-2023:0665 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

tigervnc-1.9.0-16.el8_1.1.src.rpm

SHA-256: fc231aa489acdc1739656ce6ef5eb70ebd095481ecdf06b40c9b9c132a723835

ppc64le

tigervnc-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: 8a12fbe77671dfd413976dddcef9b6bc9b7cec3876b0d1f30ca98796fea9b204

tigervnc-debuginfo-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: d1f184ab92388d5b431e7fa557fd506db23b37a91108c864464805445c9378c9

tigervnc-debugsource-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: adee0561bc1e3cde58561f9e77ac03d31ec0817af8335ddb1dd1788ca16a3d52

tigervnc-icons-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: dff466e7d544065390acf4271a0b74fb62a4b6db7afae3603249d461b9d43782

tigervnc-license-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: dd79b1e279dbad5b071752797544efeb905dea23ba8026d311d8601b932316cf

tigervnc-server-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: 5bba178d902b568c1ff3a0988c373a252bdb42654828bcb851a93b4625bd00a1

tigervnc-server-applet-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: 59fccb67917d67ea4c7ba4bfc7a3f1f7ca05cef0bbf4300f4c697bbd9ea52a14

tigervnc-server-debuginfo-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: 1032a4f389b27b59fc38b1056a91563909ce77feab892f280545485b08d966b4

tigervnc-server-minimal-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: 6e7f8b8516ca131341dc2add292772dcdbbfbcf58ed128738b61218af2fd03b5

tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: df4163e20c27d449fe8eed09a02b8513e88ef3ec6cce2b553ac372725ec761a9

tigervnc-server-module-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: c18da0be4bbd31301e243ed2c98a07833c87dc087ba819b7f90d1068b675ee25

tigervnc-server-module-debuginfo-1.9.0-16.el8_1.1.ppc64le.rpm

SHA-256: a193d8e4adb155e76993d4226cfd143abac465ea4cc79f83180bee99eea8c7ec

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

tigervnc-1.9.0-16.el8_1.1.src.rpm

SHA-256: fc231aa489acdc1739656ce6ef5eb70ebd095481ecdf06b40c9b9c132a723835

x86_64

tigervnc-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: 7e624d66427537f644237052946849d7b8f2d0e571e603aa2a83827f7c4816b1

tigervnc-debuginfo-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: 19a114808cc587dc1d28fba7ab63e23c8028a0f8584cee9df8313ec83b504bdc

tigervnc-debugsource-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: a81b9f5b863bf6d01e48c12205aa10ce594deddc9a015943a26237840574afc9

tigervnc-icons-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: dff466e7d544065390acf4271a0b74fb62a4b6db7afae3603249d461b9d43782

tigervnc-license-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: dd79b1e279dbad5b071752797544efeb905dea23ba8026d311d8601b932316cf

tigervnc-server-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: e3b37c67157217a3d079f4576e4f52046ca711e3ca3338fefc8ac0bfb7fd7d1a

tigervnc-server-applet-1.9.0-16.el8_1.1.noarch.rpm

SHA-256: 59fccb67917d67ea4c7ba4bfc7a3f1f7ca05cef0bbf4300f4c697bbd9ea52a14

tigervnc-server-debuginfo-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: 0204627ac36665183777e5abec4ae0e9f9af0de26bc5d325ba4d03c1fa781b61

tigervnc-server-minimal-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: e8610ad9498105cb54ac0efd2444553714a0bf3eb2cb8876684926d145ebd6d9

tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: 5b3fd43f4d5740d261a77bde464e4aaf0ab09600e2973c9d63bd286e4cc7a5a9

tigervnc-server-module-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: 4be992bd660747a7502b634c2a8b399a931ea3bccc638ff5333ea6335c9d0df7

tigervnc-server-module-debuginfo-1.9.0-16.el8_1.1.x86_64.rpm

SHA-256: e090e4291f6b221d0dc5b0a0819a01963d2b819ce4233d81049d66bdd3d5ea55

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:2805: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...

RHSA-2023:2806: Red Hat Security Advisory: xorg-x11-server security and bug fix update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...

RHSA-2023:2249: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Red Hat Security Advisory 2023-0671-01

Red Hat Security Advisory 2023-0671-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0663-01

Red Hat Security Advisory 2023-0663-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0664-01

Red Hat Security Advisory 2023-0664-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0665-01

Red Hat Security Advisory 2023-0665-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0662-01

Red Hat Security Advisory 2023-0662-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-0622-01

Red Hat Security Advisory 2023-0622-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.

RHSA-2023:0671: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read ...

RHSA-2023:0663: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...

RHSA-2023:0662: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forw...

Debian Security Advisory 5342-1

Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.

RHSA-2023:0623: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...

RHSA-2023:0622: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forw...