Headline
RHSA-2023:1548: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
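The dangling-pointer pattern described for CVE-2023-1393, as an added illustration (not X.Org or Red Hat code): a fixed-size slot pool stands in for the heap so the stale pointer can be inspected without undefined behaviour. Apart from the name CompScreen, which comes from the advisory, every identifier and the struct layout are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define POOL_SLOTS 4

/* Hypothetical, simplified window object; not the X server's real layout. */
typedef struct Window {
    int in_use;       /* slot currently holds a live window */
    unsigned id;      /* identity assigned at creation */
} Window;

/* Per-screen compositor state that caches a pointer to the overlay window. */
typedef struct CompScreen {
    Window *overlay;
} CompScreen;

static Window pool[POOL_SLOTS];
static unsigned next_id = 1;

static void pool_reset(void) {
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        pool[i].in_use = 0;
        pool[i].id = 0;
    }
    next_id = 1;
}

/* Hands out the first free slot, so a released slot is reused immediately. */
static Window *window_create(void) {
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].id = next_id++;
            return &pool[i];
        }
    }
    return NULL;
}

/* Flawed teardown: releases the window but leaves cs->overlay pointing at it. */
static void window_destroy_flawed(CompScreen *cs, Window *w) {
    (void)cs;
    w->in_use = 0;
}

/* Hardened teardown: drops the cached reference before releasing the window. */
static void window_destroy_fixed(CompScreen *cs, Window *w) {
    if (cs->overlay == w)
        cs->overlay = NULL;
    w->in_use = 0;
}

typedef void (*destroy_fn)(CompScreen *, Window *);

/* Returns 1 if, after the overlay is destroyed and another window is created,
 * the screen still holds a pointer that no longer refers to the overlay. */
static int overlay_is_stale_after_destroy(destroy_fn destroy) {
    CompScreen cs = { NULL };
    pool_reset();
    Window *cow = window_create();
    unsigned cow_id = cow->id;
    cs.overlay = cow;
    destroy(&cs, cow);          /* client explicitly destroys the overlay */
    (void)window_create();      /* unrelated window takes the freed slot */
    return cs.overlay != NULL &&
           (!cs.overlay->in_use || cs.overlay->id != cow_id);
}

int main(void) {
    printf("flawed teardown leaves stale pointer: %d\n",
           overlay_is_stale_after_destroy(window_destroy_flawed));
    printf("fixed teardown leaves stale pointer:  %d\n",
           overlay_is_stale_after_destroy(window_destroy_fixed));
    return 0;
}
```

In the flawed path the cached pointer ends up aliasing an unrelated window; with a real heap allocator the same access would be a use-after-free.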
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
x86_64
tigervnc-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
x86_64
tigervnc-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
s390x
tigervnc-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.s390x.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
ppc64le
tigervnc-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
x86_64
tigervnc-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
aarch64
tigervnc-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.aarch64.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
ppc64le
tigervnc-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.ppc64le.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4
SRPM
tigervnc-1.11.0-8.el8_4.2.src.rpm
x86_64
tigervnc-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-debugsource-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-icons-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-license-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-selinux-1.11.0-8.el8_4.2.noarch.rpm
tigervnc-server-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-1.11.0-8.el8_4.2.x86_64.rpm
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.2.x86_64.rpm
Related news
Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserve...
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.