RHSA-2023:1549: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Red Hat Security Data

Issued:

2023-04-03

Updated:

2023-04-03

RHSA-2023:1549 - Security Advisory

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability

Red Hat Enterprise Linux Server - AUS 8.2

SRPM

tigervnc-1.9.0-15.el8_2.3.src.rpm

x86_64

tigervnc-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

Red Hat Enterprise Linux Server - TUS 8.2

SRPM

tigervnc-1.9.0-15.el8_2.3.src.rpm

x86_64

tigervnc-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM

tigervnc-1.9.0-15.el8_2.3.src.rpm

ppc64le

tigervnc-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-debugsource-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-server-minimal-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-server-module-1.9.0-15.el8_2.3.ppc64le.rpm

tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM

tigervnc-1.9.0-15.el8_2.3.src.rpm

x86_64

tigervnc-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm

tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm

tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
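
Checking a fleet against the fixed build listed above (tigervnc 1.9.0-15.el8_2.3) needs an RPM-style version comparison, because plain string sorting ranks release 15.el8_2.10 below 15.el8_2.3. The following is an added example, not part of the Red Hat advisory: the inventory format, host names and installed versions are constructed, the hosts are assumed to be on the RHEL 8.2 AUS/TUS/SAP streams this advisory covers, and the comparison is a simplified version of rpm's algorithm that ignores epochs and the `~` and `^` markers.

```python
import re

# Fixed build taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "1.9.0", "15.el8_2.3"
_SEG = re.compile(r"\d+|[A-Za-z]+")

# Constructed inventory, one "host name version release" record per line,
# e.g. collected per host with:
#   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'tigervnc*'
SAMPLE = """
sap-db01 tigervnc-server 1.9.0 15.el8_2.3
sap-db02 tigervnc-server 1.9.0 15.el8_2.2
sap-db02 tigervnc-license 1.9.0 15.el8_2.2
tus-gw01 tigervnc-server-minimal 1.9.0 15.el8_1
tus-gw02 tigervnc 1.9.0 15.el8_2.10
tus-gw02 bash 4.4.19 12.el8
"""


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpm version compare: returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def status(version: str, release: str) -> str:
    """Classify one installed tigervnc package against the fixed build."""
    cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
    return "patched" if cmp >= 0 else "vulnerable"


def audit(inventory: str) -> dict:
    """Map host -> tigervnc packages older than the fixed build."""
    findings = {}
    for line in inventory.strip().splitlines():
        host, name, version, release = line.split()
        if not name.startswith("tigervnc"):
            continue  # unrelated package, not covered by this advisory
        if status(version, release) == "vulnerable":
            findings.setdefault(host, []).append(f"{name}-{version}-{release}")
    return findings


if __name__ == "__main__":
    for host, pkgs in audit(SAMPLE).items():
        print(host, "needs RHSA-2023:1549:", ", ".join(pkgs))
```

A patched package on disk does not replace code already loaded by a running VNC server, so restart those sessions after updating.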

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-1549-01

Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1600-01

Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-1594-01

Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.

RHSA-2023:1594: Red Hat Security Advisory: tigervnc and xorg-x11-server security update

An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

RHSA-2023:1598: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

RHSA-2023:1599: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

RHSA-2023:1600: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

RHSA-2023:1592: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

RHSA-2023:1548: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Ubuntu Security Notice USN-5986-1

Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Debian Security Advisory 5380-1

Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.