Headline
RHSA-2023:0671: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-02-08
Updated:
2023-02-08
RHSA-2023:0671 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
tigervnc-1.9.0-15.el8_2.1.src.rpm
SHA-256: 35ccbe6d8a428de7697d0cca7a54ea388eba2d078ff2fa366c02586009fd76f5
x86_64
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 05d3f131da52a691d57d85e232b3c412cba876276ee2779995ada422265c3aab
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 428f531b04542fc42588b600a102d45234a4d8639ac4ac2a434d82a9fdb5942d
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: c4b4a6b8c8c1748559b58ad1df4a00e31e373dd7e60edf7e74026b459ebb8a29
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: e1656abd711f0c8b75a5acab7a86d225b43673622ec5eb4199e0907f7d5432f3
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: f230390728202fd2ecde5b2ea7cf4c9331ed5c417f1bc2c997cc14e4448420ce
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7d0612a54801ef9a7da0c44064f8ba693b77d1bb4013df5c39a94eb24fa1a12
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: 2d5e9dc5b35afdb37e26c684b6f7f6177390f3fc9fb8f5dc40b539a3d39daf41
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 9bde94dc1b452db1142b0cb96f07ee579805dfece2903633e723f78281be2abf
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 4e09b1065a0621ff91662b93b302601ea96e2bcd97d362e29ba5ffb3b83f1e89
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 8c3c6df0ef6c3959d41ca2b95cbdc18ea206fb2416b43e2134121700ebf3683c
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: a59b35aa9275b3f2405bddbc05f5fb5482008d8de1f33a5427ea1492675923a9
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7b205f44d0e3ea36a46db94bdc2bc1ac62bc5e5e51aaa4aef9a28d0c16d1077
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
tigervnc-1.9.0-15.el8_2.1.src.rpm
SHA-256: 35ccbe6d8a428de7697d0cca7a54ea388eba2d078ff2fa366c02586009fd76f5
x86_64
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 05d3f131da52a691d57d85e232b3c412cba876276ee2779995ada422265c3aab
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 428f531b04542fc42588b600a102d45234a4d8639ac4ac2a434d82a9fdb5942d
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: c4b4a6b8c8c1748559b58ad1df4a00e31e373dd7e60edf7e74026b459ebb8a29
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: e1656abd711f0c8b75a5acab7a86d225b43673622ec5eb4199e0907f7d5432f3
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: f230390728202fd2ecde5b2ea7cf4c9331ed5c417f1bc2c997cc14e4448420ce
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7d0612a54801ef9a7da0c44064f8ba693b77d1bb4013df5c39a94eb24fa1a12
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: 2d5e9dc5b35afdb37e26c684b6f7f6177390f3fc9fb8f5dc40b539a3d39daf41
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 9bde94dc1b452db1142b0cb96f07ee579805dfece2903633e723f78281be2abf
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 4e09b1065a0621ff91662b93b302601ea96e2bcd97d362e29ba5ffb3b83f1e89
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 8c3c6df0ef6c3959d41ca2b95cbdc18ea206fb2416b43e2134121700ebf3683c
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: a59b35aa9275b3f2405bddbc05f5fb5482008d8de1f33a5427ea1492675923a9
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7b205f44d0e3ea36a46db94bdc2bc1ac62bc5e5e51aaa4aef9a28d0c16d1077
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
tigervnc-1.9.0-15.el8_2.1.src.rpm
SHA-256: 35ccbe6d8a428de7697d0cca7a54ea388eba2d078ff2fa366c02586009fd76f5
ppc64le
tigervnc-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: a8e33d8d8fcd5460b5dde59658460e75bbed08c1977fb4b60ac562da9a2ba98e
tigervnc-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: c37921e9611e9af3f7922dc0e2d85c1e12ee986140195944b55545c50c6b7b55
tigervnc-debugsource-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: e51e156d16268cdc4bb31c614c7e52b6701d20679357a043a962d6519c7f9e01
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: e1656abd711f0c8b75a5acab7a86d225b43673622ec5eb4199e0907f7d5432f3
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: f230390728202fd2ecde5b2ea7cf4c9331ed5c417f1bc2c997cc14e4448420ce
tigervnc-server-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: a32400dc7f6905e8fc2c2aefcf9aee201b463ce714a9767fb06c91bdc7dba060
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: 2d5e9dc5b35afdb37e26c684b6f7f6177390f3fc9fb8f5dc40b539a3d39daf41
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: ba61c37e7ce92c3faf2646265873a692ba5b76895d33f41b5ea301312f18af73
tigervnc-server-minimal-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: 3a40537ed646c075c8a66f5244d4d75de3f54fabf462276811c6a2b389ec1a3d
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: ecd94980bf0146b965abf247c22020838707b219efb57baae000776494d870c0
tigervnc-server-module-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: c8b2c59d9a361a9ffe769835fca5a8f74ae99477f36329a6d806daec3858995b
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.ppc64le.rpm
SHA-256: 35839aae53c86245a41854419be75f24dc6aee2677c66b21e09a524bc27941ee
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
tigervnc-1.9.0-15.el8_2.1.src.rpm
SHA-256: 35ccbe6d8a428de7697d0cca7a54ea388eba2d078ff2fa366c02586009fd76f5
x86_64
tigervnc-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 05d3f131da52a691d57d85e232b3c412cba876276ee2779995ada422265c3aab
tigervnc-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 428f531b04542fc42588b600a102d45234a4d8639ac4ac2a434d82a9fdb5942d
tigervnc-debugsource-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: c4b4a6b8c8c1748559b58ad1df4a00e31e373dd7e60edf7e74026b459ebb8a29
tigervnc-icons-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: e1656abd711f0c8b75a5acab7a86d225b43673622ec5eb4199e0907f7d5432f3
tigervnc-license-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: f230390728202fd2ecde5b2ea7cf4c9331ed5c417f1bc2c997cc14e4448420ce
tigervnc-server-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7d0612a54801ef9a7da0c44064f8ba693b77d1bb4013df5c39a94eb24fa1a12
tigervnc-server-applet-1.9.0-15.el8_2.1.noarch.rpm
SHA-256: 2d5e9dc5b35afdb37e26c684b6f7f6177390f3fc9fb8f5dc40b539a3d39daf41
tigervnc-server-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 9bde94dc1b452db1142b0cb96f07ee579805dfece2903633e723f78281be2abf
tigervnc-server-minimal-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 4e09b1065a0621ff91662b93b302601ea96e2bcd97d362e29ba5ffb3b83f1e89
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: 8c3c6df0ef6c3959d41ca2b95cbdc18ea206fb2416b43e2134121700ebf3683c
tigervnc-server-module-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: a59b35aa9275b3f2405bddbc05f5fb5482008d8de1f33a5427ea1492675923a9
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.1.x86_64.rpm
SHA-256: f7b205f44d0e3ea36a46db94bdc2bc1ac62bc5e5e51aaa4aef9a28d0c16d1077
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Red Hat Security Advisory 2023-0675-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0663-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0665-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0623-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forw...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and ...
Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forw...