RHSA-2023:1600: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Issued:
2023-04-04
Updated:
2023-04-04
RHSA-2023:1600 - Security Advisory
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM
tigervnc-1.9.0-16.el8_1.3.src.rpm
SHA-256: 07dbfe8302b4e4053966e05345c27a3ee604e07ba5433d8c8096bb4a8322a652
ppc64le
tigervnc-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: 94c1e19a46c68b8772301c51fb1713fed7ac73126816f0b339832e25ca97dac5
tigervnc-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: a893656011795ce70ef3083749c1393285fd9a2e5864b2fe6b7a9deb900540d6
tigervnc-debugsource-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: 5b8025ae7372d5920133407380ed282f847412b3d30509f1324b3190519ac71a
tigervnc-icons-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: 3481b836be0e9d8afda6d770006ead8cab18269a4c12c5959ce4f951dfb98bbc
tigervnc-license-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: e34a72213aa3c70b4e41b29b3a58585ed2fc091da1d20782a38f13c3de5a21ca
tigervnc-server-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: bbab80099668835debfc0be495399caf03f36898ad67a8e02fed1ddc69f92db3
tigervnc-server-applet-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: 696b02959b2362ed8e22c28f1221857b0730b42b20a4a25415678019a2b83907
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: 581ccab31e7cb245b4325f6d28a28fa492c85c722fb9e7610ff131d28cb70eee
tigervnc-server-minimal-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: ca0388551c7ae08e5f4592b5869edfab4db34daf99cb2a9857fd0a0e51a262e0
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: a8930665559dae56f524f1052bc91bde2b5d0f5a264f5cd747e373fe78447245
tigervnc-server-module-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: 3408b497be6fd7341fcfdca60293b41fd2000e4c2ea3e8555ed8e7ecd92d115d
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.ppc64le.rpm
SHA-256: 9dcb637a85e427669d282ef3c5f03ffc4cd1fcea49f4e23319254b2575d397a7
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM
tigervnc-1.9.0-16.el8_1.3.src.rpm
SHA-256: 07dbfe8302b4e4053966e05345c27a3ee604e07ba5433d8c8096bb4a8322a652
x86_64
tigervnc-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: 2d5b0e048a175f7f2b0e6c20e633d618275f2708b9f0b0948d447e9f62639398
tigervnc-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: 084df6fe05213f571da824ae77d7eef553776490791e6a8c09a567789c32d458
tigervnc-debugsource-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: eb17b342bfb5995bcdbb65dd5b78caceed2c7d37217e494d1e19719eafd65d88
tigervnc-icons-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: 3481b836be0e9d8afda6d770006ead8cab18269a4c12c5959ce4f951dfb98bbc
tigervnc-license-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: e34a72213aa3c70b4e41b29b3a58585ed2fc091da1d20782a38f13c3de5a21ca
tigervnc-server-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: 96a8496b403c9eab59ea866b9502980b7b85f50ecf6bac79cde30db4595f2e42
tigervnc-server-applet-1.9.0-16.el8_1.3.noarch.rpm
SHA-256: 696b02959b2362ed8e22c28f1221857b0730b42b20a4a25415678019a2b83907
tigervnc-server-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: a721238403e518869e8636884409d448fc49b51a06668f47be4d596256c1a9d7
tigervnc-server-minimal-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: c6bffe8093143cc903debbaaa54d516247e260ab6118ca1f5ef6691eb357664e
tigervnc-server-minimal-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: d5c36364a0e3b4f660859e8128d5e41f5d5bd6485a7490223844abeb7f48b0a2
tigervnc-server-module-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: c383103df7cf02c7ff493c34193914aec6e2f0dd9631f4e3448e1b09247b9c94
tigervnc-server-module-debuginfo-1.9.0-16.el8_1.3.x86_64.rpm
SHA-256: e2434a94fdece94892ab66149057bfc0ab3cff2642518cbb66a01814478320cc
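The two checks a practitioner wants from this package list are whether a host still carries a tigervnc build older than 1.9.0-16.el8_1.3, and whether a downloaded RPM matches the SHA-256 value published above. The Python below is an added example, not Red Hat's tooling: `rpmvercmp` is a simplified reimplementation of rpm's version comparison (digits, letters and the `~` pre-release marker; no `^` handling), the function names are this example's own, the `rpm -q --qf` query is the real rpm command and is skipped when rpm is absent, and the file contents used in testing are constructed rather than real packages.

```python
"""Added example (not Red Hat's code): compare an installed tigervnc build against the
fixed version-release from RHSA-2023:1600 and verify downloaded RPMs against the
advisory's SHA-256 list. rpmvercmp is a simplified reimplementation of rpm's own
comparison (digits, letters and '~' only; '^' is not handled)."""
import hashlib
import hmac
import re
import shutil
import subprocess

# Fixed VERSION-RELEASE from the advisory (shared by every tigervnc subpackage listed).
FIXED_VR = "1.9.0-16.el8_1.3"

# Two SHA-256 values copied from the advisory's package list, keyed by file name.
ADVISORY_SHA256 = {
    "tigervnc-server-1.9.0-16.el8_1.3.x86_64.rpm":
        "96a8496b403c9eab59ea866b9502980b7b85f50ecf6bac79cde30db4595f2e42",
    "tigervnc-server-1.9.0-16.el8_1.3.ppc64le.rpm":
        "bbab80099668835debfc0be495399caf03f36898ad67a8e02fed1ddc69f92db3",
}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp: split both strings into numeric,
    alphabetic and '~' segments (separators are ignored) and compare in order."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for i in range(max(len(sa), len(sb))):
        x = sa[i] if i < len(sa) else None
        y = sb[i] if i < len(sb) else None
        # '~' (pre-release marker) sorts before anything, including end of string.
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        # Otherwise the string with more segments is the newer one ("1.0a" > "1.0").
        if x is None:
            return -1
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            c = (int(x) > int(y)) - (int(x) < int(y))  # numeric; leading zeros ignored
        elif x.isdigit() or y.isdigit():
            c = 1 if x.isdigit() else -1                # a numeric segment beats an alpha one
        else:
            c = (x > y) - (x < y)                       # plain string compare for letters
        if c:
            return c
    return 0


def compare_vr(a: str, b: str) -> int:
    """Compare two VERSION-RELEASE strings: version first, release as the tie-break."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def is_affected(installed_vr: str, fixed_vr: str = FIXED_VR) -> bool:
    """True when the installed build is older than the build the advisory ships."""
    return compare_vr(installed_vr, fixed_vr) < 0


def query_installed_vr(package: str = "tigervnc-server"):
    """Ask the local rpm database for VERSION-RELEASE of `package`; returns None when
    rpm is unavailable or the package is not installed."""
    if shutil.which("rpm") is None:
        return None
    proc = subprocess.run(
        ["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", package],
        capture_output=True, text=True)
    lines = proc.stdout.split()
    return lines[0] if proc.returncode == 0 and lines else None


def verify_files(contents: dict, manifest: dict = ADVISORY_SHA256) -> dict:
    """Map file name -> True/False against the advisory's SHA-256 list. A file the
    manifest does not list is reported False: the advisory vouches for nothing else."""
    results = {}
    for name, data in contents.items():
        expected = manifest.get(name)
        digest = hashlib.sha256(data).hexdigest()
        results[name] = expected is not None and hmac.compare_digest(digest, expected)
    return results


if __name__ == "__main__":
    vr = query_installed_vr()
    if vr is None:
        print("tigervnc-server is not installed here (or rpm is not available)")
    else:
        state = "AFFECTED" if is_affected(vr) else "fixed"
        print(f"tigervnc-server {vr}: {state} (fixed in {FIXED_VR})")
```

The release string carries the fix here (1.9.0 is unchanged; only `16.el8_1.3` moves), so a version-only comparison would wrongly report patched hosts as affected; `compare_vr` therefore falls through to the release whenever the versions tie. For the hash check on real downloads, read each `.rpm` as bytes and pass it to `verify_files`, or use `sha256sum -c` with the names and values from the list above.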
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
- Red Hat Security Advisory 2023-1549-01 - TigerVNC update. Issues addressed include privilege escalation and use-after-free vulnerabilities.
- Red Hat Security Advisory 2023-1600-01 - this advisory. Issues addressed include privilege escalation and use-after-free vulnerabilities.
- Red Hat Security Advisory 2023-1594-01 - covers TigerVNC and the X.Org server (X.Org is an open-source implementation of the X Window System providing the basic low-level functionality that graphical user interfaces are built upon). Issues addressed include privilege escalation and use-after-free vulnerabilities.
- An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7 (security impact: Important; fixes CVE-2023-1393).
- An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support (Important; CVE-2023-1393).
- An update for tigervnc is now available for Red Hat Enterprise Linux 9 (Important; CVE-2023-1393).
- An update for tigervnc is now available for Red Hat Enterprise Linux 8 (Important; CVE-2023-1393).
- An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support (Important; CVE-2023-1393).
- An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (Important; CVE-2023-1393).
- Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
- Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.