RHSA-2023:1551: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
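The dangling-reference pattern described for CVE-2023-1393, as an added, simplified C model (not X.Org or Red Hat code): a screen structure caches a pointer to its overlay window, and the destroy path either leaves that pointer in place or clears it before the window is released. Only the name CompScreen comes from the advisory; the other identifiers and the fixed-size pool are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not X.Org source. Only the name CompScreen is from the
 * advisory; every other identifier here is an assumption. */
typedef struct Window { int id; int in_use; } Window;
typedef struct CompScreen { Window *overlay_win; } CompScreen;

#define POOL_SIZE 4
/* Fixed pool instead of malloc/free: a "freed" slot stays readable, so the
 * model can inspect a stale pointer without real undefined behaviour. */
static Window pool[POOL_SIZE];

static Window *window_create(int id) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].id = id;
            pool[i].in_use = 1;
            return &pool[i];
        }
    }
    return NULL;
}

/* clear_cached_ref == 0: the screen keeps its pointer (the flawed pattern).
 * clear_cached_ref == 1: the cached pointer is dropped before release. */
static void window_destroy(CompScreen *cs, Window *w, int clear_cached_ref) {
    if (clear_cached_ref && cs->overlay_win == w)
        cs->overlay_win = NULL;
    w->in_use = 0;
}

/* 1 if the cached pointer no longer refers to the overlay window it was set to. */
static int overlay_ref_is_stale(const CompScreen *cs, int overlay_id) {
    const Window *w = cs->overlay_win;
    return w != NULL && (!w->in_use || w->id != overlay_id);
}

/* One lifecycle: create overlay, destroy it, let another window reuse the slot. */
static int run_scenario(int clear_cached_ref) {
    CompScreen cs = { NULL };
    memset(pool, 0, sizeof pool);
    Window *cow = window_create(100);
    cs.overlay_win = cow;
    window_destroy(&cs, cow, clear_cached_ref);
    window_create(200);  /* unrelated window now occupies the old slot */
    return overlay_ref_is_stale(&cs, 100);
}

int main(void) {
    printf("pointer left in place: stale=%d\n", run_scenario(0));
    printf("pointer cleared first: stale=%d\n", run_scenario(1));
    return 0;
}
```

In the first scenario the cached pointer ends up referring to a different window than the one it was set to; any structure that caches a raw pointer to an object a client can destroy needs the same invalidation on the destroy path.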
Issued: 2023-04-04
Updated: 2023-04-04
RHSA-2023:1551 - Security Advisory
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux for x86_64 8
SRPM
tigervnc-1.12.0-9.el8_7.3.src.rpm
x86_64
tigervnc-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-debuginfo-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-debugsource-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-icons-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-license-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-selinux-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-server-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-server-minimal-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-server-module-1.12.0-9.el8_7.3.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.3.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
tigervnc-1.12.0-9.el8_7.3.src.rpm
s390x
tigervnc-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-debuginfo-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-debugsource-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-icons-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-license-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-selinux-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-server-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-server-debuginfo-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-server-minimal-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-server-module-1.12.0-9.el8_7.3.s390x.rpm
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.3.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 8
SRPM
tigervnc-1.12.0-9.el8_7.3.src.rpm
ppc64le
tigervnc-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-debuginfo-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-debugsource-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-icons-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-license-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-selinux-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-server-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-server-minimal-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-server-module-1.12.0-9.el8_7.3.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.3.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 8
SRPM
tigervnc-1.12.0-9.el8_7.3.src.rpm
aarch64
tigervnc-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-debuginfo-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-debugsource-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-icons-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-license-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-selinux-1.12.0-9.el8_7.3.noarch.rpm
tigervnc-server-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-server-debuginfo-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-server-minimal-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-server-module-1.12.0-9.el8_7.3.aarch64.rpm
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.3.aarch64.rpm
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.