RHSA-2023:0622: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Issued: 2023-02-07
Updated: 2023-02-07
RHSA-2023:0622 - Security Advisory
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Red Hat Enterprise Linux for x86_64 9
SRPM
tigervnc-1.12.0-5.el9_1.1.src.rpm
x86_64
tigervnc-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-debugsource-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-icons-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-server-module-1.12.0-5.el9_1.1.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.1.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
tigervnc-1.12.0-5.el9_1.1.src.rpm
s390x
tigervnc-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-debugsource-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-icons-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-server-module-1.12.0-5.el9_1.1.s390x.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.1.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
tigervnc-1.12.0-5.el9_1.1.src.rpm
ppc64le
tigervnc-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-debugsource-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-icons-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-server-module-1.12.0-5.el9_1.1.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.1.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
tigervnc-1.12.0-5.el9_1.1.src.rpm
aarch64
tigervnc-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-debugsource-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-icons-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.1.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-server-module-1.12.0-5.el9_1.1.aarch64.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.1.aarch64.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.