RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free
- CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow
- CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access
- CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free
- CVE-2022-46343: xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free
- CVE-2022-46344: xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access
Issued: 2023-01-09
Updated: 2023-01-09
RHSA-2023:0045 - Security Advisory
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free (CVE-2022-4283)
- xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow (CVE-2022-46340)
- xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
- xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
- xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
- xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access (CVE-2022-46344)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2151755 - CVE-2022-46340 xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow
- BZ - 2151756 - CVE-2022-46341 xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access
- BZ - 2151757 - CVE-2022-46342 xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free
- BZ - 2151758 - CVE-2022-46343 xorg-x11-server: X.Org Server ScreenSaverSetAttributes use-after-free
- BZ - 2151760 - CVE-2022-46344 xorg-x11-server: X.Org Server XIChangeProperty out-of-bounds access
- BZ - 2151761 - CVE-2022-4283 xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free
CVEs
- CVE-2022-4283
- CVE-2022-46340
- CVE-2022-46341
- CVE-2022-46342
- CVE-2022-46343
- CVE-2022-46344
Red Hat Enterprise Linux Server 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
x86_64
tigervnc-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 5b71363767780010c48c505dde60a4b9d5283ad39ade4a7ca2f68b354c1eb7a5
tigervnc-debuginfo-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 536ebbf3351f5a2b1b39daf2f284b506d69c252c17561c6331b2ad54cf434c1d
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 7ba1a61811f282368ccc5b7b32dbc1a439fb758784fd86ac0cb77b4e15c6cebc
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 492b1dc1d952d8baf1a4dbd732328e736c0d667e559f5d9bf97adff6298ec840
tigervnc-server-module-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 684f32e29dd6a081a287a91be1331aca8815f9cbc23d445dcd2a6662e2749cc0
Red Hat Enterprise Linux Workstation 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
x86_64
tigervnc-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 5b71363767780010c48c505dde60a4b9d5283ad39ade4a7ca2f68b354c1eb7a5
tigervnc-debuginfo-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 536ebbf3351f5a2b1b39daf2f284b506d69c252c17561c6331b2ad54cf434c1d
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 7ba1a61811f282368ccc5b7b32dbc1a439fb758784fd86ac0cb77b4e15c6cebc
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 492b1dc1d952d8baf1a4dbd732328e736c0d667e559f5d9bf97adff6298ec840
tigervnc-server-module-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 684f32e29dd6a081a287a91be1331aca8815f9cbc23d445dcd2a6662e2749cc0
Red Hat Enterprise Linux Desktop 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
x86_64
tigervnc-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 5b71363767780010c48c505dde60a4b9d5283ad39ade4a7ca2f68b354c1eb7a5
tigervnc-debuginfo-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 536ebbf3351f5a2b1b39daf2f284b506d69c252c17561c6331b2ad54cf434c1d
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 7ba1a61811f282368ccc5b7b32dbc1a439fb758784fd86ac0cb77b4e15c6cebc
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 492b1dc1d952d8baf1a4dbd732328e736c0d667e559f5d9bf97adff6298ec840
tigervnc-server-module-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 684f32e29dd6a081a287a91be1331aca8815f9cbc23d445dcd2a6662e2749cc0
Red Hat Enterprise Linux for IBM z Systems 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
s390x
tigervnc-1.8.0-23.el7_9.s390x.rpm
SHA-256: 3479de4d0e7fc38ca6c1c162aab2f1121c30a47de1ccbd7cc6e82ba619f4184e
tigervnc-debuginfo-1.8.0-23.el7_9.s390x.rpm
SHA-256: 7aef070b92ce175614cc554429a5e2d3bcfc692f77156ca12ffc151a0e53c516
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.s390x.rpm
SHA-256: c270d1a6c5098958b2d19a1bc9a18d810870b411e69c75e84ed8a54cfddce4eb
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.s390x.rpm
SHA-256: 340a408d6141b780b41a3e9090426a7d9e4da71b5d16d5ed5ccd760e9257c1b0
Red Hat Enterprise Linux for Power, big endian 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
ppc64
tigervnc-1.8.0-23.el7_9.ppc64.rpm
SHA-256: e3cfba7d17157c6cc74ae0eb65fc0816f23b5be23701ae05a4ebb0be9a535ba6
tigervnc-debuginfo-1.8.0-23.el7_9.ppc64.rpm
SHA-256: d256250a23fd5e56f6f32e37815a1e85d5f7a2eb5e9265d24ecb7c8fa28b0f87
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.ppc64.rpm
SHA-256: 5c9690b0f7cc39974ac9df41e11078d1bf22100a44acc74eed40d3acd2d2e546
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.ppc64.rpm
SHA-256: da3352b0e9c533394666561fe0f24205efc648c8abb5fc665ec428af1099dce0
tigervnc-server-module-1.8.0-23.el7_9.ppc64.rpm
SHA-256: c729173fe4c6dfd4c7dc177108223624777b9c8da9d6eca402cbd7065471e399
Red Hat Enterprise Linux for Scientific Computing 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
x86_64
tigervnc-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 5b71363767780010c48c505dde60a4b9d5283ad39ade4a7ca2f68b354c1eb7a5
tigervnc-debuginfo-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 536ebbf3351f5a2b1b39daf2f284b506d69c252c17561c6331b2ad54cf434c1d
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 7ba1a61811f282368ccc5b7b32dbc1a439fb758784fd86ac0cb77b4e15c6cebc
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 492b1dc1d952d8baf1a4dbd732328e736c0d667e559f5d9bf97adff6298ec840
tigervnc-server-module-1.8.0-23.el7_9.x86_64.rpm
SHA-256: 684f32e29dd6a081a287a91be1331aca8815f9cbc23d445dcd2a6662e2749cc0
Red Hat Enterprise Linux for Power, little endian 7
SRPM
tigervnc-1.8.0-23.el7_9.src.rpm
SHA-256: 4b9af45034413a8820ab24175297ac054108d3f54daa582cd651d5373d37d582
ppc64le
tigervnc-1.8.0-23.el7_9.ppc64le.rpm
SHA-256: 0f0015bc0aa086814632f9b5f5cea4d90732e05c9a47140e73c4b78fc0e9bf21
tigervnc-debuginfo-1.8.0-23.el7_9.ppc64le.rpm
SHA-256: 009cc3834175dcdfcf911cfb4ba10788c4d525736b4f3cd963b109248125ef46
tigervnc-icons-1.8.0-23.el7_9.noarch.rpm
SHA-256: 784f6b4389398a5e13b14f8f34399599a84bfb014c2f5730ea058d70e6e4b6e0
tigervnc-license-1.8.0-23.el7_9.noarch.rpm
SHA-256: 4eb22009d370db078516995ff6f9a3e9cb45209f279ca7918360f645c8b7ea7d
tigervnc-server-1.8.0-23.el7_9.ppc64le.rpm
SHA-256: 66e1153dcea7c4ae7f0056ff40edefd4558b89e3998186b725d0d3818606e390
tigervnc-server-applet-1.8.0-23.el7_9.noarch.rpm
SHA-256: f57018884277af5b729977d2d6751d921dfeec9570ee251c28be34e5073b1fc5
tigervnc-server-minimal-1.8.0-23.el7_9.ppc64le.rpm
SHA-256: 0042cfcf0d4cca1bc1d9e9c9ccf279224f8d5ac23b035e94daef24740bd5b82e
tigervnc-server-module-1.8.0-23.el7_9.ppc64le.rpm
SHA-256: e93ce0e57805358d319616e6bed2ab662f0fd08dc3c7175e4c2d6d01b915918a
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.
Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
A vulnerability was found in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.