RHSA-2023:0663: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Red Hat Security Data

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

x86_64

  • tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

x86_64

  • tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

s390x

  • tigervnc-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.s390x.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

ppc64le

  • tigervnc-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

x86_64

  • tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

aarch64

  • tigervnc-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.aarch64.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

ppc64le

  • tigervnc-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.ppc64le.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

  • tigervnc-1.12.0-6.el8_6.1.src.rpm

x86_64

  • tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
  • tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
  • tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
