Headline
RHSA-2023:0662: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-02-08
Updated:
2023-02-08
RHSA-2023:0662 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2165995 - CVE-2023-0494 xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
Red Hat Enterprise Linux for x86_64 8
SRPM
tigervnc-1.12.0-9.el8_7.1.src.rpm
SHA-256: 37c3424e85c50c324a463413a01a5f2ca6ee72cde7f356843b4972e37511853e
x86_64
tigervnc-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 00f03e4b4d24a3f8a0f576db25ec851aa2dc0382e51041d712f4c1c963b4a85c
tigervnc-debuginfo-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: b12b6a9c533fed287fc5bb7aa403d4a894ac98f31d2b926996cb9992d266a4d9
tigervnc-debugsource-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: ab9e8b6ce973cf9209aed00328e24fdef3b336b13164965b2fe43bcc9a80416e
tigervnc-icons-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 8071b07d6ad15dc04562bcbfd31fea0ef087717f6bcc99a3eb72923d17329cef
tigervnc-license-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 47a2790793a519528c363b90cc4ad353f7e0b6ef389eb36535ac6b71bb65f102
tigervnc-selinux-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: dca02a33ad32104543674f5d1e2c5673b0a23c330f62d5cbc4bcbe0dc16460e2
tigervnc-server-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: c8d8bff0b7167acb3c4bcaa595a7d3c4da9ece0e975549f2cfb0d5f28ace4e7a
tigervnc-server-debuginfo-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 75a4d6b0ed8cacbb12499c89f564e1b8c72d497e49e4c7cee57e84912d94482d
tigervnc-server-minimal-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 71b0617ece0a2a365503af266550845068425bb0085627d86bde506bd8553204
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 9c2dbe30d204f5e5ee1f19c3dbd80888e4b5acf87b21b164fcab0e54606a9b29
tigervnc-server-module-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 5c746996429ec3d7153c9476c315cc186032c7b2177d02305da4ebc7a0501c2f
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.1.x86_64.rpm
SHA-256: 31701fe48d6de5d68c9ae8ce0b0427f1a41af90a9df0499c33cfe0923f053c09
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
tigervnc-1.12.0-9.el8_7.1.src.rpm
SHA-256: 37c3424e85c50c324a463413a01a5f2ca6ee72cde7f356843b4972e37511853e
s390x
tigervnc-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 5ded7546704a124b68b67b44e46740009fe8fb6f01fc045a946272cc87fbb6f6
tigervnc-debuginfo-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 313ac4abc5465e0e0e58b951a652587dfcc93a8b1229c04649ed3b5294b67445
tigervnc-debugsource-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: dc41aa6e0c4d99a91946bd2d705e317d77d6b5be7e655843a0040cd48f78126f
tigervnc-icons-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 8071b07d6ad15dc04562bcbfd31fea0ef087717f6bcc99a3eb72923d17329cef
tigervnc-license-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 47a2790793a519528c363b90cc4ad353f7e0b6ef389eb36535ac6b71bb65f102
tigervnc-selinux-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: dca02a33ad32104543674f5d1e2c5673b0a23c330f62d5cbc4bcbe0dc16460e2
tigervnc-server-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 7ace5ef8b028916abfb76c2593e0c094a998af3f626c1670b5fed774b8633493
tigervnc-server-debuginfo-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 43608c98fd4db9d387cdb518ca7f3861da68212fcbc526e743319631121b32bf
tigervnc-server-minimal-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 85ffcc12d35a5bcdf69c254e839465e9960c883ea18464371aa2bd51c8f31d86
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 3d3040388cadb44bfd28862ccbfe17efd98676868ec3f91a23ffe2b238f023e1
tigervnc-server-module-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: 4d13131cb8d62a8d193aac1b2b7cc9c0c82f55e831d3288aa0be13b85bc9a932
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.1.s390x.rpm
SHA-256: a4a371d1cf9c33d079edc2622dec294fec2dc22814c9d2ae595e4e72f931e00c
Red Hat Enterprise Linux for Power, little endian 8
SRPM
tigervnc-1.12.0-9.el8_7.1.src.rpm
SHA-256: 37c3424e85c50c324a463413a01a5f2ca6ee72cde7f356843b4972e37511853e
ppc64le
tigervnc-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 2cccb4109a33d345b9ea2f0418b0460b9286762e16c832e6d98e59c3146790a2
tigervnc-debuginfo-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 13d659ea494bd85926f1371aa842088395992ea375e38829e93bb813cc909267
tigervnc-debugsource-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 0ce9cf3ea54562f4e045e20e4ff2dda64fc7477a778af5f8f8abbf6156389f8b
tigervnc-icons-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 8071b07d6ad15dc04562bcbfd31fea0ef087717f6bcc99a3eb72923d17329cef
tigervnc-license-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 47a2790793a519528c363b90cc4ad353f7e0b6ef389eb36535ac6b71bb65f102
tigervnc-selinux-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: dca02a33ad32104543674f5d1e2c5673b0a23c330f62d5cbc4bcbe0dc16460e2
tigervnc-server-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: e7756cf8acedd03cfca3f48c0b93ab71d8c3579555beb96d27e892ecaa9394d3
tigervnc-server-debuginfo-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: cd9a2eea5157534f1cca205ff48bed95e89066f7761f66963d04996b590b7b78
tigervnc-server-minimal-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 1ed7ec62610c599093987509a1963b2bf7a96dbdf247602b1a24b552e87e79a3
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 84a7e27bed35532ecd5e855044710a2e784c9654e56564de09fb30a289c755f0
tigervnc-server-module-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 8935195107261437e81ea5e7eababf6c4f0e7f952c94599a8e8fd0daa395b4be
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.1.ppc64le.rpm
SHA-256: 3600422320b39190782cff477154caf414b381a6a44216ec4220630d3baf51a7
Red Hat Enterprise Linux for ARM 64 8
SRPM
tigervnc-1.12.0-9.el8_7.1.src.rpm
SHA-256: 37c3424e85c50c324a463413a01a5f2ca6ee72cde7f356843b4972e37511853e
aarch64
tigervnc-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: a6ef19d41d8e68128702ab2420ca14d17d21b5ad0f48054e187348c3802db502
tigervnc-debuginfo-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: 9bf6b24a5c8a55aa3e50857a068f42320e11f9cc8a5f05ad17a5cb72f7aae4c8
tigervnc-debugsource-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: b66e41a467463932d40b2b29574574756936187a1ddd214df787ec8e6531a82e
tigervnc-icons-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 8071b07d6ad15dc04562bcbfd31fea0ef087717f6bcc99a3eb72923d17329cef
tigervnc-license-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: 47a2790793a519528c363b90cc4ad353f7e0b6ef389eb36535ac6b71bb65f102
tigervnc-selinux-1.12.0-9.el8_7.1.noarch.rpm
SHA-256: dca02a33ad32104543674f5d1e2c5673b0a23c330f62d5cbc4bcbe0dc16460e2
tigervnc-server-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: 286d95e19c5949a92b08de59e568a37f742a99d7071d5423a81e76583c79e0d5
tigervnc-server-debuginfo-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: c9bf0d6434d00fed63de2ade9eb7eba38422352b6cc35987217bd8af0b7233cc
tigervnc-server-minimal-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: 1ae51a7a8c65824236210acdaf579a6e68600a0fad8cf6796eacb29352821532
tigervnc-server-minimal-debuginfo-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: ccbce250079106f1ade9da9b7d4d4fa7a5a7cf077b2ce6efdba279aa3bd91b5c
tigervnc-server-module-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: 6620543a864515ec5d1cb6d5b05693f26a7f9810c44fbdea8668098415c84a1a
tigervnc-server-module-debuginfo-1.12.0-9.el8_7.1.aarch64.rpm
SHA-256: 5a7e1fe0514a7781857609bc45648fc8a7f13430b11aaf38029f7eeff4763c61
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3550: A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service. * CVE-2022-3551: A flaw was found in the xorg-x11-server package. The Pro...
Ubuntu Security Notice 5778-2 - USN-5778-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that X.Org X Server extensions contained multiple security issues. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Red Hat Security Advisory 2023-0671-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code exec...
Red Hat Security Advisory 2023-0663-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0664-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0665-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0662-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0622-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-0623-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include a use-after-free vulnerability.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read ...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and ...
Debian Linux Security Advisory 5342-1 - Jan-Niklas Sohn discovered that a user-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote cod...
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forw...