RHSA-2023:1592: Red Hat Security Advisory: tigervnc security update
An update for tigervnc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-1393: A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Issued:
2023-04-04
Updated:
2023-04-04
RHSA-2023:1592 - Security Advisory
Synopsis
Important: tigervnc security update
Type/Severity
Security Advisory: Important
Topic
An update for tigervnc is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
Red Hat Enterprise Linux for x86_64 9
SRPM
tigervnc-1.12.0-5.el9_1.2.src.rpm
x86_64
tigervnc-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-debugsource-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-icons-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-server-module-1.12.0-5.el9_1.2.x86_64.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.2.x86_64.rpm
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
tigervnc-1.12.0-5.el9_1.2.src.rpm
s390x
tigervnc-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-debugsource-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-icons-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-server-module-1.12.0-5.el9_1.2.s390x.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.2.s390x.rpm
Red Hat Enterprise Linux for Power, little endian 9
SRPM
tigervnc-1.12.0-5.el9_1.2.src.rpm
ppc64le
tigervnc-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-debugsource-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-icons-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-server-module-1.12.0-5.el9_1.2.ppc64le.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.2.ppc64le.rpm
Red Hat Enterprise Linux for ARM 64 9
SRPM
tigervnc-1.12.0-5.el9_1.2.src.rpm
aarch64
tigervnc-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-debuginfo-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-debugsource-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-icons-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-license-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-selinux-1.12.0-5.el9_1.2.noarch.rpm
tigervnc-server-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-server-debuginfo-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-server-minimal-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-server-minimal-debuginfo-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-server-module-1.12.0-5.el9_1.2.aarch64.rpm
tigervnc-server-module-debuginfo-1.12.0-5.el9_1.2.aarch64.rpm
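A patch-level check for the packages listed above, as an added example that is not part of Red Hat's advisory: it parses default `rpm -qa` output and flags el9 builds of the advisory's packages that are older than tigervnc-1.12.0-5.el9_1.2. The comparison is a simplified rendering of RPM's segment ordering that assumes no epoch and ignores the `^` operator; the sample lines and the function names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed build named in this advisory (RHSA-2023:1592, RHEL 9).
FIXED_VERSION, FIXED_RELEASE = "1.12.0", "5.el9_1.2"
# Binary packages built from the tigervnc SRPM listed in the advisory.
ADVISORY_PACKAGES = {
    "tigervnc", "tigervnc-icons", "tigervnc-license", "tigervnc-selinux",
    "tigervnc-server", "tigervnc-server-minimal", "tigervnc-server-module",
}
_TOKEN = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1; simplified RPM ordering (assumption: no '^')."""
    for x, y in zip_longest(_TOKEN.findall(a), _TOKEN.findall(b)):
        if x == y:
            continue
        if x == "~":          # a tilde sorts before anything, even the end
            return -1
        if y == "~":
            return 1
        if x is None:         # the shorter string is the older one
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():   # numeric segments beat alphabetic
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)        # ignores leading zeros
            if x == y:
                continue
        return 1 if x > y else -1
    return 0


def parse_nvra(line):
    """Split 'name-version-release.arch' as printed by plain `rpm -qa`."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)  # ValueError if malformed
    return name, version, release, arch


def unpatched(rpm_qa_lines):
    """Return the input lines that are advisory packages below the fix."""
    findings = []
    for line in rpm_qa_lines:
        try:
            name, version, release, _ = parse_nvra(line)
        except ValueError:               # e.g. gpg-pubkey entries, blanks
            continue
        if name not in ADVISORY_PACKAGES or ".el9" not in release:
            continue
        order = (rpmvercmp(version, FIXED_VERSION)
                 or rpmvercmp(release, FIXED_RELEASE))
        if order < 0:
            findings.append(line.strip())
    return findings


# Constructed sample of `rpm -qa` output, not taken from a real host.
SAMPLE = [
    "tigervnc-server-1.12.0-5.el9_1.1.x86_64",
    "tigervnc-license-1.12.0-5.el9_1.2.noarch",
    "tigervnc-selinux-1.12.0-4.el9.noarch",
    "tigervnc-server-minimal-1.12.0-13.el9_2.x86_64",
    "xorg-x11-server-Xwayland-21.1.3-7.el9.x86_64",
    "gpg-pubkey-00000000-00000000",
]
```

On a real host, pass `subprocess.run(["rpm", "-qa"], capture_output=True, text=True).stdout.splitlines()` to `unpatched()`; an empty result means no listed package is below the fixed build.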
Contact details for the Red Hat security team are at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-1549-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1600-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-1594-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Issues addressed include privilege escalation and use-after-free vulnerabilities.
An update for tigervnc and xorg-x11-server is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. Related CVEs: CVE-2023-1393.
Ubuntu Security Notice 5986-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could possibly use these issues to cause the X Server to crash, execute arbitrary code, or escalate privileges.
Debian Linux Security Advisory 5380-1 - Jan-Niklas Sohn discovered that a use-after-free flaw in the Composite extension of the X.org X server may result in privilege escalation if the X server is running under the root user.