Headline
RHSA-2023:1549: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-04-03
Updated:
2023-04-03
RHSA-2023:1549 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
tigervnc-1.9.0-15.el8_2.3.src.rpm
SHA-256: 71b30a17a725cacbccf2a0f096026dd378d742c73cbfedf6e48cf3dde9e4ed97
x86_64
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 797e0ae40a73041027f268bdf03fdbf6b1f4670a51b089404df19596bc0068c5
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 97aad64ef110fe0cde065604583f0074eb0d038dd8719722605a31580496b8dc
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: bd9d05db95a12884589db547d6554cf9304c8a8557ee9f8da11e6a94d25a01bf
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: c691d1b4869d6009b34241f5e1ab2cf57808ed33f9b2d4efb46f67b650b044af
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 38bf1e4cce1e8c3a162dbb2ca0bc8715841bce3c571d7170149b10e34a4349eb
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 5ccfb2a819ad017b8e9512e39700af4cc504501da64a384be5ade71ae479e0e3
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 1da7c2abf998da3dd158b8f15b15af63e5bcbf1bdcdb8d1a5727a16c08824995
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 644e380ece2914c108d67bd727d49997bc9086e7ca1277d70ff4d829ef7bfb68
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: e8ff9f6c461d3cef013045e06f26659018d96a15cee20f91a41419ab933da503
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 3f9faa234890e50bd8e430d660c9ed2290d3647e3860b301cbc12aa1f1c4b1d4
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 52e3c086e1db8a7b00a50f33038393e1f22b73e2b8e8c676fb9c11e6f78f7bc7
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 27a6794e6cb2be7123d64649bc8102be2be8cc934131186c6870783e13b7de86
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
tigervnc-1.9.0-15.el8_2.3.src.rpm
SHA-256: 71b30a17a725cacbccf2a0f096026dd378d742c73cbfedf6e48cf3dde9e4ed97
x86_64
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 797e0ae40a73041027f268bdf03fdbf6b1f4670a51b089404df19596bc0068c5
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 97aad64ef110fe0cde065604583f0074eb0d038dd8719722605a31580496b8dc
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: bd9d05db95a12884589db547d6554cf9304c8a8557ee9f8da11e6a94d25a01bf
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: c691d1b4869d6009b34241f5e1ab2cf57808ed33f9b2d4efb46f67b650b044af
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 38bf1e4cce1e8c3a162dbb2ca0bc8715841bce3c571d7170149b10e34a4349eb
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 5ccfb2a819ad017b8e9512e39700af4cc504501da64a384be5ade71ae479e0e3
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 1da7c2abf998da3dd158b8f15b15af63e5bcbf1bdcdb8d1a5727a16c08824995
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 644e380ece2914c108d67bd727d49997bc9086e7ca1277d70ff4d829ef7bfb68
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: e8ff9f6c461d3cef013045e06f26659018d96a15cee20f91a41419ab933da503
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 3f9faa234890e50bd8e430d660c9ed2290d3647e3860b301cbc12aa1f1c4b1d4
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 52e3c086e1db8a7b00a50f33038393e1f22b73e2b8e8c676fb9c11e6f78f7bc7
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 27a6794e6cb2be7123d64649bc8102be2be8cc934131186c6870783e13b7de86
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
tigervnc-1.9.0-15.el8_2.3.src.rpm
SHA-256: 71b30a17a725cacbccf2a0f096026dd378d742c73cbfedf6e48cf3dde9e4ed97
ppc64le
tigervnc-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 4e899d6a459f4bb5d7fd1a2de6b653dc0dc6147642a198e47213a739855a7b0f
tigervnc-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 9f194376182fbdcdeca644ce0d7f2c2db77394cc9effeb50cff9ae32ce304652
tigervnc-debugsource-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 6b06664c56295bf5638547798107996b0b459016000f3ba8dec7e36dc08f1529
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: c691d1b4869d6009b34241f5e1ab2cf57808ed33f9b2d4efb46f67b650b044af
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 38bf1e4cce1e8c3a162dbb2ca0bc8715841bce3c571d7170149b10e34a4349eb
tigervnc-server-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 468546da5d41e7c6c9cbe29a6dc7693d99b10d3eec11990dafc9d737d9305e7f
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 1da7c2abf998da3dd158b8f15b15af63e5bcbf1bdcdb8d1a5727a16c08824995
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 2d3eae4eeac77604aa1fa2d011795f652f639fd936dd0af840abde56ffea2334
tigervnc-server-minimal-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 23f8bcdaf538c3157b22e576c3da12334f11ef764dd7f71335a8c425dca86c95
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 79fac6b62513676a7e050840a3e5ca78c14668c4d45d86c88096028783b12e6f
tigervnc-server-module-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: 18db2caf863edc74777c1e91b2b75c1ab92cf2126b39ae31558ec0aaef1c9a13
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.ppc64le.rpm
SHA-256: cfe358f34fad32d0800e429d9aa5a617c0614d2ce8cb8f2423b2b537777e3b2a
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
tigervnc-1.9.0-15.el8_2.3.src.rpm
SHA-256: 71b30a17a725cacbccf2a0f096026dd378d742c73cbfedf6e48cf3dde9e4ed97
x86_64
tigervnc-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 797e0ae40a73041027f268bdf03fdbf6b1f4670a51b089404df19596bc0068c5
tigervnc-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 97aad64ef110fe0cde065604583f0074eb0d038dd8719722605a31580496b8dc
tigervnc-debugsource-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: bd9d05db95a12884589db547d6554cf9304c8a8557ee9f8da11e6a94d25a01bf
tigervnc-icons-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: c691d1b4869d6009b34241f5e1ab2cf57808ed33f9b2d4efb46f67b650b044af
tigervnc-license-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 38bf1e4cce1e8c3a162dbb2ca0bc8715841bce3c571d7170149b10e34a4349eb
tigervnc-server-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 5ccfb2a819ad017b8e9512e39700af4cc504501da64a384be5ade71ae479e0e3
tigervnc-server-applet-1.9.0-15.el8_2.3.noarch.rpm
SHA-256: 1da7c2abf998da3dd158b8f15b15af63e5bcbf1bdcdb8d1a5727a16c08824995
tigervnc-server-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 644e380ece2914c108d67bd727d49997bc9086e7ca1277d70ff4d829ef7bfb68
tigervnc-server-minimal-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: e8ff9f6c461d3cef013045e06f26659018d96a15cee20f91a41419ab933da503
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 3f9faa234890e50bd8e430d660c9ed2290d3647e3860b301cbc12aa1f1c4b1d4
tigervnc-server-module-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 52e3c086e1db8a7b00a50f33038393e1f22b73e2b8e8c676fb9c11e6f78f7bc7
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.3.x86_64.rpm
SHA-256: 27a6794e6cb2be7123d64649bc8102be2be8cc934131186c6870783e13b7de86
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.