ELSA-2024-2037

Опубликовано: 24 апр. 2024

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2024-2037: tigervnc security update (IMPORTANT)

[1.13.1-2.10]

Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30981

[1.13.1-2.9]

Rebuild (z-stream target) Resolves: RHEL-31011 Resolves: RHEL-30981 Resolves: RHEL-30998

[1.13.1-2.8]

Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31011
Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30981
Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice Resolves: RHEL-30998

[1.13.1-3.7]

Fix use after free related to CVE-2024-21886 Resolves: RHEL-20432
Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20583

[1.13.1-3.6]

Don't try to get pointer position when the pointer becomes a floating device Resolves: RHEL-20432

[1.13.1-3.5]

Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20432
Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20420
Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20583
Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21252

[1.13.1-2.4]

Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18409

[1.13.1-2.3]

Rebuild (selinux-policy) Resolves: RHEL-18409 Resolves: RHEL-18421

[1.13.1-2.2]

Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18409
Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18421

[1.13.1-2.1]

Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15229

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

tigervnc

1.13.1-2.el8_9.10

tigervnc-icons

1.13.1-2.el8_9.10

tigervnc-license

1.13.1-2.el8_9.10

tigervnc-selinux

1.13.1-2.el8_9.10

tigervnc-server

1.13.1-2.el8_9.10

tigervnc-server-minimal

1.13.1-2.el8_9.10

tigervnc-server-module

1.13.1-2.el8_9.10

Oracle Linux x86_64

tigervnc

1.13.1-2.el8_9.10

tigervnc-icons

1.13.1-2.el8_9.10

tigervnc-license

1.13.1-2.el8_9.10

tigervnc-selinux

1.13.1-2.el8_9.10

tigervnc-server

1.13.1-2.el8_9.10

tigervnc-server-minimal

1.13.1-2.el8_9.10

tigervnc-server-module

1.13.1-2.el8_9.10

Связанные CVE

CVE-2024-31080

CVE-2024-31083

CVE-2024-31081

Ссылки на источники

Связанные уязвимости

SUSE-SU-2024:2776-1

suse-cvrf

11 месяцев назад

Security update for dri3proto, presentproto, wayland-protocols, xwayland

SUSE-SU-2024:1264-1

suse-cvrf

около 1 года назад

Security update for xwayland

RLSA-2024:3343

rocky

около 1 года назад

Important: xorg-x11-server-Xwayland security update

RLSA-2024:3261

rocky

около 1 года назад

Important: tigervnc security update

RLSA-2024:3258

rocky

около 1 года назад

Moderate: xorg-x11-server security update