Headline
RHSA-2023:0663: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
x86_64
tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
x86_64
tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
s390x
tigervnc-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.s390x.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
ppc64le
tigervnc-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
x86_64
tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
aarch64
tigervnc-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.aarch64.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.aarch64.rpm
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
ppc64le
tigervnc-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.ppc64le.rpm
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
tigervnc-1.12.0-6.el8_6.1.src.rpm
x86_64
tigervnc-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-debugsource-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-icons-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-license-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-selinux-1.12.0-6.el8_6.1.noarch.rpm
tigervnc-server-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-1.12.0-6.el8_6.1.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-6.el8_6.1.x86_64.rpm