Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:2257: Red Hat Security Advisory: tigervnc security and bug fix update

An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
  • CVE-2022-46340: A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order.
  • CVE-2022-46341: A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
  • CVE-2022-46342: A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
  • CVE-2022-46343: A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
  • CVE-2022-46344: A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Red Hat Security Data
Open in Source
#vulnerability#web#mac#linux#red_hat#nodejs#js#java#kubernetes#rce#aws#ssh#ibm

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2023-05-09

Updated:

2023-05-09

RHSA-2023:2257 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: tigervnc security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
  • xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
  • xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
  • xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
  • xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
  • xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2119016 - ‘ghost pointer’ behavior observed when using TigerVNC’s x0vncserver
  • BZ - 2119017 - x0vncserver incorrectly maps keysym from vncclient running german keyboard
  • BZ - 2151755 - CVE-2022-46340 xorg-x11-server: XTestSwapFakeInput stack overflow
  • BZ - 2151756 - CVE-2022-46341 xorg-x11-server: XIPassiveUngrab out-of-bounds access
  • BZ - 2151757 - CVE-2022-46342 xorg-x11-server: XvdiSelectVideoNotify use-after-free
  • BZ - 2151758 - CVE-2022-46343 xorg-x11-server: ScreenSaverSetAttributes use-after-free
  • BZ - 2151760 - CVE-2022-46344 xorg-x11-server: XIChangeProperty out-of-bounds access
  • BZ - 2151761 - CVE-2022-4283 xorg-x11-server: XkbGetKbdByName use-after-free
  • BZ - 2164703 - selinux policy will not allow tigervnc-server to start
  • BZ - 2169965 - Backport upstream fix for broken keyboard handling

CVEs

  • CVE-2022-4283
  • CVE-2022-46340
  • CVE-2022-46341
  • CVE-2022-46342
  • CVE-2022-46343
  • CVE-2022-46344

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

Red Hat Enterprise Linux for x86_64 9

SRPM

tigervnc-1.12.0-13.el9_2.src.rpm

SHA-256: 19bf177c031f13bf1a361368fbd09eb0a2c7ed814056df28e22b16f3a1d9708d

x86_64

tigervnc-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 83f15752a31d7984c7b59b3589815c1771f9b74488cefa0f0135151fccbddeeb

tigervnc-debuginfo-1.12.0-13.el9_2.x86_64.rpm

SHA-256: d75fda80099f59a860012ca23e8ab0c20705b918c19a7b1ce3674f6afa69c0bd

tigervnc-debugsource-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 20af9da42bc6f80e401eab5c6bb045ec750867d00dbbf893816d21fe741a4180

tigervnc-icons-1.12.0-13.el9_2.noarch.rpm

SHA-256: 4ff305fbe96db7ec671274e93f27cede3da44bc5e4b47ef66e577245859e1032

tigervnc-license-1.12.0-13.el9_2.noarch.rpm

SHA-256: b56feef7eab53c16d24cd8ada9249ee1726fc731a14e25d4cf29fef024ce44d5

tigervnc-selinux-1.12.0-13.el9_2.noarch.rpm

SHA-256: de8fa3c514177de5724d0e02cc98f73f27f0b830512209e71dffb23ee73cde83

tigervnc-server-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 1646702c96d4c47f0a2c791985f113ec88b9a93dd127721497ffef5531413102

tigervnc-server-debuginfo-1.12.0-13.el9_2.x86_64.rpm

SHA-256: d6fee0b23dc8e040d4628682116905228facc81fc718299b08d34abcb5bc3027

tigervnc-server-minimal-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 932f7a0913f8ca7a2c0f88d143f9dae8ba17ce1ec54063e9f1086094a77ea20b

tigervnc-server-minimal-debuginfo-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 9f14af1494f4432fff4be7b6c121fbf3f2f98a9d03924bea3ff2656b8b17477b

tigervnc-server-module-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 098af7d40107182e7278b757cc5e58710a540fed6cec1ea53571b7991230f2a6

tigervnc-server-module-debuginfo-1.12.0-13.el9_2.x86_64.rpm

SHA-256: 3ccbf10a4e244e26e7abc01629c903f58883b01a509951e581aa2635973ebccb

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

tigervnc-1.12.0-13.el9_2.src.rpm

SHA-256: 19bf177c031f13bf1a361368fbd09eb0a2c7ed814056df28e22b16f3a1d9708d

s390x

tigervnc-1.12.0-13.el9_2.s390x.rpm

SHA-256: 8cb6b5e617b1b5588e6c59d4f40891b2c6d33fb643a722cf30d0e8ef5e93aec5

tigervnc-debuginfo-1.12.0-13.el9_2.s390x.rpm

SHA-256: 546666c5d5affc12b627967ad294ac7ec5540c2e6605e354ce47c65da5fe0bd8

tigervnc-debugsource-1.12.0-13.el9_2.s390x.rpm

SHA-256: d5cd1a0d2b3e1ac6c28ce3e9ca84c793e2e5a40fb98f6ba4221ffdb25207b7d5

tigervnc-icons-1.12.0-13.el9_2.noarch.rpm

SHA-256: 4ff305fbe96db7ec671274e93f27cede3da44bc5e4b47ef66e577245859e1032

tigervnc-license-1.12.0-13.el9_2.noarch.rpm

SHA-256: b56feef7eab53c16d24cd8ada9249ee1726fc731a14e25d4cf29fef024ce44d5

tigervnc-selinux-1.12.0-13.el9_2.noarch.rpm

SHA-256: de8fa3c514177de5724d0e02cc98f73f27f0b830512209e71dffb23ee73cde83

tigervnc-server-1.12.0-13.el9_2.s390x.rpm

SHA-256: 4e3dd871dd331dcb59d48e9bff4334159cec4a7660f83bfda7da74b793fb92fc

tigervnc-server-debuginfo-1.12.0-13.el9_2.s390x.rpm

SHA-256: 27f2bc38309c26df25cf686df8457088e3b19e0011a9b2ce919f234a84e28646

tigervnc-server-minimal-1.12.0-13.el9_2.s390x.rpm

SHA-256: f44f451e916fea89503f68704504caf7ed93986a52858669b2fcc5345598f696

tigervnc-server-minimal-debuginfo-1.12.0-13.el9_2.s390x.rpm

SHA-256: e07245e8ca9c86a2ae99ca2bd6c98579fa52f3dbb97ed39fba832232789208ea

tigervnc-server-module-1.12.0-13.el9_2.s390x.rpm

SHA-256: f45f2f94987348246c2657f0d69d994c8128ec0eacf35623004daa4b2015ea6b

tigervnc-server-module-debuginfo-1.12.0-13.el9_2.s390x.rpm

SHA-256: b2b7a803b536863d63f5e55cb358a6f346269bbee42f510c8c0bb817e8c25fb5

Red Hat Enterprise Linux for Power, little endian 9

SRPM

tigervnc-1.12.0-13.el9_2.src.rpm

SHA-256: 19bf177c031f13bf1a361368fbd09eb0a2c7ed814056df28e22b16f3a1d9708d

ppc64le

tigervnc-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 59a15ee0019821bbe9503b5f915b59e2cc87891915dadbe936efe858cf115441

tigervnc-debuginfo-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 688b272edeb182095af5243378857c4d77e8a2e58ed9272e373afb465107be98

tigervnc-debugsource-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 2e1e3b577b6ec501c85f9f7e7e4cb74433214dbaf878e018c0716e5468875369

tigervnc-icons-1.12.0-13.el9_2.noarch.rpm

SHA-256: 4ff305fbe96db7ec671274e93f27cede3da44bc5e4b47ef66e577245859e1032

tigervnc-license-1.12.0-13.el9_2.noarch.rpm

SHA-256: b56feef7eab53c16d24cd8ada9249ee1726fc731a14e25d4cf29fef024ce44d5

tigervnc-selinux-1.12.0-13.el9_2.noarch.rpm

SHA-256: de8fa3c514177de5724d0e02cc98f73f27f0b830512209e71dffb23ee73cde83

tigervnc-server-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: fb96bf1254d1c0700bc77f1902bc3a2ac64bbb1fe78cd51cc20dad6426b0145f

tigervnc-server-debuginfo-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: a823c7ea32a0f531fdad045b6f48a39ea4aa50e41c9fd2ee4abf27dc81c387ac

tigervnc-server-minimal-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: b214c9ad8b57c354616504c6012b101e74327f9f32e298abb221d4ff45b02587

tigervnc-server-minimal-debuginfo-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 9901833b620d944e1c6b630d9ed3222f3a2bfbb6afaa28f5cba7a6df0ea6dd35

tigervnc-server-module-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 87c3829ba5cd04fac4ef5102e1dd248f1ebd26a9bd69e314fead5922c31b1f74

tigervnc-server-module-debuginfo-1.12.0-13.el9_2.ppc64le.rpm

SHA-256: 0b955b8e538938f73fdb2cb6ae5e15a8c23a2ed49843546d4bda1a76e1fbf608

Red Hat Enterprise Linux for ARM 64 9

SRPM

tigervnc-1.12.0-13.el9_2.src.rpm

SHA-256: 19bf177c031f13bf1a361368fbd09eb0a2c7ed814056df28e22b16f3a1d9708d

aarch64

tigervnc-1.12.0-13.el9_2.aarch64.rpm

SHA-256: 3a5cd4d9d604e1b505011bd94794d36cf9829388bfea83e51699f8866dea2d37

tigervnc-debuginfo-1.12.0-13.el9_2.aarch64.rpm

SHA-256: a5e774dcdc3b73d32268af716434e42bbbbdc4cae3073cfa0b4bf41d79dc79ba

tigervnc-debugsource-1.12.0-13.el9_2.aarch64.rpm

SHA-256: bc0a3eb585f832457401448400dd94e34ae9d99b1258371fdd7f79f3fc1e3dec

tigervnc-icons-1.12.0-13.el9_2.noarch.rpm

SHA-256: 4ff305fbe96db7ec671274e93f27cede3da44bc5e4b47ef66e577245859e1032

tigervnc-license-1.12.0-13.el9_2.noarch.rpm

SHA-256: b56feef7eab53c16d24cd8ada9249ee1726fc731a14e25d4cf29fef024ce44d5

tigervnc-selinux-1.12.0-13.el9_2.noarch.rpm

SHA-256: de8fa3c514177de5724d0e02cc98f73f27f0b830512209e71dffb23ee73cde83

tigervnc-server-1.12.0-13.el9_2.aarch64.rpm

SHA-256: 00a5003d2b57a19ef628f83f90b363a92940b0d5092e9118a929c8069df73b19

tigervnc-server-debuginfo-1.12.0-13.el9_2.aarch64.rpm

SHA-256: e8d07473b49a171ff24d8fe3cdded3bb07b0e30650ec8d715c34d4944ea3944a

tigervnc-server-minimal-1.12.0-13.el9_2.aarch64.rpm

SHA-256: 14501e2a8d2501d36326bbf96ebda73b088e40ae63dd7b12b689317e093260fc

tigervnc-server-minimal-debuginfo-1.12.0-13.el9_2.aarch64.rpm

SHA-256: dc1f46c20c41cf748b6b1a5d94b8a55a12d888ab80aa79db46478653cd68c305

tigervnc-server-module-1.12.0-13.el9_2.aarch64.rpm

SHA-256: f8d6248b0d5d23984512a023f7aa1a2ce35b6376c17b5554b994a3799e6b265f

tigervnc-server-module-debuginfo-1.12.0-13.el9_2.aarch64.rpm

SHA-256: fd051b3b7563dc21340a48d6e4a5aac8b0d163cde8c403eafe26339482ac7911

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

RHSA-2023:2805: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...

RHSA-2023:2830: Red Hat Security Advisory: tigervnc security and bug fix update

An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwar...

RHSA-2023:2249: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...

RHSA-2023:2248: Red Hat Security Advisory: xorg-x11-server security and bug fix update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The ProcXkbGetKb...

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-2

Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-0046-01

Red Hat Security Advisory 2023-0046-01 - X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include out of bounds access and use-after-free vulnerabilities.

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

RHSA-2023:0046: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-...

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

Debian Security Advisory 5304-1

Debian Linux Security Advisory 5304-1 - Jan-Niklas Sohn discovered several vulnerabilities in X server extensions in the X.Org X server, which may result in privilege escalation if the X server is running privileged.

CVE-2022-46341: Red Hat Customer Portal - Access to 24x7 support and knowledge

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVE-2022-46344: Red Hat Customer Portal - Access to 24x7 support and knowledge

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVE-2022-46342: Invalid Bug ID

A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se

CVE-2022-46340: Red Hat Customer Portal - Access to 24x7 support and knowledge

A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.

CVE-2022-46343: Invalid Bug ID

A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

CVE-2022-4283: Invalid Bug ID

A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Ubuntu Security Notice USN-5778-1

Ubuntu Security Notice 5778-1 - Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data