tigervnc-1.8.0-25.el7, xorg-x11-server-1.20.4-23.el7

エラータID: AXSA:2023-5250:02

Release date: 
Tuesday, April 4, 2023 - 13:15
Subject: 
tigervnc-1.8.0-25.el7, xorg-x11-server-1.20.4-23.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-1393
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Solution: 

Update packages.

CVEs: 
CVE-2023-1393
A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.8.0-25.el7.src.rpm
    MD5: f3d2184266eec59ac4e3f434c308a5a0
    SHA-256: 0ef3fceb4b60e0b45e30acb727ea08c6abbcccb4608748260a5c8e7b9f3c2bf8
    Size: 1.46 MB
  2. xorg-x11-server-1.20.4-23.el7.src.rpm
    MD5: 2e45759fbf49d835319bbc8cae7417ea
    SHA-256: 46a8418fd7a0aea5491a95a8410c45ad76db513021e74ec5c8f1c92d3d0ba452
    Size: 5.94 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.8.0-25.el7.x86_64.rpm
    MD5: e305a60cbfdec375333a95e8a1c9d663
    SHA-256: 16644cf30e8dd5df10cd5ed76f4d24dd3341d1e3bba56360e63f0cfbb25db4f4
    Size: 235.96 kB
  2. tigervnc-icons-1.8.0-25.el7.noarch.rpm
    MD5: c041c70884300857428e650e6be2135c
    SHA-256: 8dc85102919f83681f5d819b983749ef5aed81e433d8227ff1fe184d54d67580
    Size: 39.34 kB
  3. tigervnc-license-1.8.0-25.el7.noarch.rpm
    MD5: 60641466d1b012afbefecbed873c8ae8
    SHA-256: 7bac63215fbf73332b4cbece52c06d8ca2ae7e87095c1fb3513660b85732562b
    Size: 30.10 kB
  4. tigervnc-server-1.8.0-25.el7.x86_64.rpm
    MD5: b56d44c8e04aaa582fad3ff347dcf914
    SHA-256: 7ddf71b95860d89bfd2654fb451fe16adf11340488697191d5d1b2a31b084108
    Size: 211.11 kB
  5. tigervnc-server-minimal-1.8.0-25.el7.x86_64.rpm
    MD5: 5d2af347bfd044be7eead2d4daeec508
    SHA-256: 1dab2e52cb8afa693aa95208d45e18f5c13886dc72824bf499a1f8e4cbe2a285
    Size: 1.04 MB
  6. xorg-x11-server-common-1.20.4-23.el7.x86_64.rpm
    MD5: 6333becb0993cf054db7beeb29958228
    SHA-256: c2ff0a9e4de8cdeae2ec3c9455d82ff6cde0a4081f903e5f52fff48aab0a5a1f
    Size: 55.89 kB
  7. xorg-x11-server-Xephyr-1.20.4-23.el7.x86_64.rpm
    MD5: cc77d1ca86b3e1ab0d81a85580d356c6
    SHA-256: a38c3b26cb9603981157a041da225e72a4159f1927cd83bb5cc1be6f85541bd1
    Size: 0.98 MB
  8. xorg-x11-server-Xorg-1.20.4-23.el7.x86_64.rpm
    MD5: 08c86110a624d87b357229c76096f3ab
    SHA-256: c428b0610d15a270901ca722aaf4e333781c31937413665217e999b66eabb078
    Size: 1.45 MB
  9. xorg-x11-server-Xwayland-1.20.4-23.el7.x86_64.rpm
    MD5: 86fcfccda135d792d747a3777ac4bb95
    SHA-256: 6d997a57c870636b6c875548b5625934860a9b7e48154126133053d7cca9a018
    Size: 951.75 kB