Headline
RHSA-2023:1598: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
x86_64
tigervnc-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 5dcbb5ed82c9c66ccea1bd26d86c5ef92b58a6be9c7daa101ef40a624e420df3
tigervnc-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: b16a6937b4065cc3b9a78df8768ece1c5ab0258d04e899c618bd5e5bf2cd95af
tigervnc-debugsource-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: fd0e8619f48a07c24d9090e843f88c6482f37259fcb2584601741af13e12dd9a
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 96ae64edb274afe72fd9296cca14852f7293fd7b4d8b05162f09f1fdf4e75d38
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 6f2327a20b485c94015b54b6f422d7de311fa2452c985f9a949ae129b934855b
tigervnc-server-minimal-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 08b60fd237bc421ac6a56bfdebff8f496e4d336b1f530de57c3c7e461254202a
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: ac64d51f016eb21135dfee445ab2c326a3705714b51275dcea70f88118c0ff3b
tigervnc-server-module-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: d7960b2e99c533b60dc4825537b14ec9935fc02ab5a2973706091b50b913fca0
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 3e3b76bb66dd9f1a59989fc9467992788ef67f85a2b74badf0ed75f8eea52443
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
x86_64
tigervnc-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 5dcbb5ed82c9c66ccea1bd26d86c5ef92b58a6be9c7daa101ef40a624e420df3
tigervnc-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: b16a6937b4065cc3b9a78df8768ece1c5ab0258d04e899c618bd5e5bf2cd95af
tigervnc-debugsource-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: fd0e8619f48a07c24d9090e843f88c6482f37259fcb2584601741af13e12dd9a
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 96ae64edb274afe72fd9296cca14852f7293fd7b4d8b05162f09f1fdf4e75d38
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 6f2327a20b485c94015b54b6f422d7de311fa2452c985f9a949ae129b934855b
tigervnc-server-minimal-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 08b60fd237bc421ac6a56bfdebff8f496e4d336b1f530de57c3c7e461254202a
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: ac64d51f016eb21135dfee445ab2c326a3705714b51275dcea70f88118c0ff3b
tigervnc-server-module-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: d7960b2e99c533b60dc4825537b14ec9935fc02ab5a2973706091b50b913fca0
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 3e3b76bb66dd9f1a59989fc9467992788ef67f85a2b74badf0ed75f8eea52443
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
s390x
tigervnc-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 63597968e8e7133a1f375ea52dde9d851d184dff9f8ebb5486de306b16df9b1a
tigervnc-debuginfo-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 625b32dbc53efa1e266a4715fb84ae4453361ce1b530f543d9248f5d7ca29d26
tigervnc-debugsource-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 79510aa3bc120d33e189294680f9a7eb40a4e7b2321860c12323e2edc553a7a8
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: c4369e128bec5856cf0965d92d127d40eef158cfa8e5782759964afb43ec16bc
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: ffa0fc3f5969c72cb3102c0a6296bfe033c8bb6a10ace97cd97f2e75a51049bd
tigervnc-server-minimal-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 54989587b2a58533807beed202e0725b6b54b5b9901aa7965e77f9f4cd6856e8
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 9f29833436098f417b71a26fed85d4bc557481e65f24e7e689ef07cc87740c7a
tigervnc-server-module-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 33cb0491eed3806999b9ca0be66dc2903c63cdb6c8be7f4f17a5d5269d2a0eeb
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.s390x.rpm
SHA-256: 9048e9d6582e4caf125035ccddf85374602edb60c0ea8e2af5072f45b005d1f7
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
ppc64le
tigervnc-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: bd5b134cd76f2b2cb8c3607ccd56071e239315790447997ed8a6f538b6094e91
tigervnc-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: c8e33b4c3434dca1647393c840ebb5e553be05b526d3eb3f131ee5fab957dee0
tigervnc-debugsource-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: ff6614869874733f766b5e32de10b8db275f8716eeb6a7110fb9241eb5649f97
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 70ae2e9776e416bfa83b2ae2fc978ff29e27d51f2e5b617e630aaee486d63ae2
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 5d248bb4afdf47b59c419921f59414d47210ebd42b4f5e743ed238901d8258c8
tigervnc-server-minimal-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 2051a675567319817379f6a0035e0b4572ebc220ece80cd271c9dea3bbccd56d
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 78d70e215246fc1a921a2e005c981ecb7ee85f0f926776eb22fb92c3f8e1e749
tigervnc-server-module-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 138eb37ec2f152efd85dcecc033b2d68772c14dbe2b276e2b1e936cb5db4714e
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: f686eddd14d41df62212e9d8ea4929d17541348393f8b305f860e7e56f53ad3b
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
x86_64
tigervnc-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 5dcbb5ed82c9c66ccea1bd26d86c5ef92b58a6be9c7daa101ef40a624e420df3
tigervnc-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: b16a6937b4065cc3b9a78df8768ece1c5ab0258d04e899c618bd5e5bf2cd95af
tigervnc-debugsource-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: fd0e8619f48a07c24d9090e843f88c6482f37259fcb2584601741af13e12dd9a
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 96ae64edb274afe72fd9296cca14852f7293fd7b4d8b05162f09f1fdf4e75d38
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 6f2327a20b485c94015b54b6f422d7de311fa2452c985f9a949ae129b934855b
tigervnc-server-minimal-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 08b60fd237bc421ac6a56bfdebff8f496e4d336b1f530de57c3c7e461254202a
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: ac64d51f016eb21135dfee445ab2c326a3705714b51275dcea70f88118c0ff3b
tigervnc-server-module-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: d7960b2e99c533b60dc4825537b14ec9935fc02ab5a2973706091b50b913fca0
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 3e3b76bb66dd9f1a59989fc9467992788ef67f85a2b74badf0ed75f8eea52443
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
aarch64
tigervnc-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: c70eefeb38ecf3dab42c8ec14e62484c11bb9fc9c935c786f4359368b3bf4966
tigervnc-debuginfo-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: 753f76bb2dcf41a0eadb6611a9dae8b683842771fe06cb3f16b7f1c0d1228699
tigervnc-debugsource-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: c3ec83edd175a7c2cbd39ed47b0f2b260bca815701448fdcdc18c3bc9a284160
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: d77659698d1c1e9ecf7e35cd2196dd6d50ef2b876e302d5deead28ae330fff08
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: 8829017e0ee75aedb33ca6cbf2c53f7ee02788c2a2593bb51a04eb3ae5df130b
tigervnc-server-minimal-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: 60e4ffc6f955f0c9ab908aa578f077704f50771f1721c51ff593044d942e89b5
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: 1822127de7d28e0d13a92e6d17eaa6addddd2829e9f8fb7c6ccbdadc149a5f15
tigervnc-server-module-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: b964488d6075ef0f206bb2aa77130669787abd219c06cb8289e068e619f6f717
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.aarch64.rpm
SHA-256: c750111ac7c864c94f673684e996273f4e3c81cb0c654039a95996875dbcf615
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
ppc64le
tigervnc-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: bd5b134cd76f2b2cb8c3607ccd56071e239315790447997ed8a6f538b6094e91
tigervnc-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: c8e33b4c3434dca1647393c840ebb5e553be05b526d3eb3f131ee5fab957dee0
tigervnc-debugsource-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: ff6614869874733f766b5e32de10b8db275f8716eeb6a7110fb9241eb5649f97
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 70ae2e9776e416bfa83b2ae2fc978ff29e27d51f2e5b617e630aaee486d63ae2
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 5d248bb4afdf47b59c419921f59414d47210ebd42b4f5e743ed238901d8258c8
tigervnc-server-minimal-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 2051a675567319817379f6a0035e0b4572ebc220ece80cd271c9dea3bbccd56d
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 78d70e215246fc1a921a2e005c981ecb7ee85f0f926776eb22fb92c3f8e1e749
tigervnc-server-module-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: 138eb37ec2f152efd85dcecc033b2d68772c14dbe2b276e2b1e936cb5db4714e
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.ppc64le.rpm
SHA-256: f686eddd14d41df62212e9d8ea4929d17541348393f8b305f860e7e56f53ad3b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
tigervnc-1.12.0-6.el8_6.3.src.rpm
SHA-256: 939e876db3ad1c4b8b55d5950927128f7b1a13d6183144e6cef95c8a28f9d12b
x86_64
tigervnc-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 5dcbb5ed82c9c66ccea1bd26d86c5ef92b58a6be9c7daa101ef40a624e420df3
tigervnc-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: b16a6937b4065cc3b9a78df8768ece1c5ab0258d04e899c618bd5e5bf2cd95af
tigervnc-debugsource-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: fd0e8619f48a07c24d9090e843f88c6482f37259fcb2584601741af13e12dd9a
tigervnc-icons-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: e6154d244042ee7aa1d66d54a57c304b7da8d22ed0a464a9e2b8365173cae0d3
tigervnc-license-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 52bea243e9b93d3212b71ca513912cd3368189dd9c794e3826ac39b6195d83eb
tigervnc-selinux-1.12.0-6.el8_6.3.noarch.rpm
SHA-256: 69b2e35c60a5aced70045713ca282d6da6ee239797ef6d5063fa2799cad53cd9
tigervnc-server-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 96ae64edb274afe72fd9296cca14852f7293fd7b4d8b05162f09f1fdf4e75d38
tigervnc-server-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 6f2327a20b485c94015b54b6f422d7de311fa2452c985f9a949ae129b934855b
tigervnc-server-minimal-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 08b60fd237bc421ac6a56bfdebff8f496e4d336b1f530de57c3c7e461254202a
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: ac64d51f016eb21135dfee445ab2c326a3705714b51275dcea70f88118c0ff3b
tigervnc-server-module-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: d7960b2e99c533b60dc4825537b14ec9935fc02ab5a2973706091b50b913fca0
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.3.x86_64.rpm
SHA-256: 3e3b76bb66dd9f1a59989fc9467992788ef67f85a2b74badf0ed75f8eea52443
Related news
Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserve...
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.