tigervnc-1.12.0-15.el8

エラータID: AXSA:2023-5934:10

Release date: 
Thursday, June 8, 2023 - 12:29
Subject: 
tigervnc-1.12.0-15.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: XkbGetKbdByName use-after-free (CVE-2022-4283)
* xorg-x11-server: XTestSwapFakeInput stack overflow (CVE-2022-46340)
* xorg-x11-server: XIPassiveUngrab out-of-bounds access (CVE-2022-46341)
* xorg-x11-server: XvdiSelectVideoNotify use-after-free (CVE-2022-46342)
* xorg-x11-server: ScreenSaverSetAttributes use-after-free (CVE-2022-46343)
* xorg-x11-server: XIChangeProperty out-of-bounds access (CVE-2022-46344)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.8 Release Notes linked from the References section.

CVE-2022-4283
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46340
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
CVE-2022-46341
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46342
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
CVE-2022-46343
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
CVE-2022-46344
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.12.0-15.el8.src.rpm
    MD5: 0884c5c4fa80e698898d9a48e029ca1d
    SHA-256: 75ce8c7dc7da07b7ae392a3f86d351fee4ec0bff19a93b085f514b08ea8561c0
    Size: 1.55 MB

Asianux Server 8 for x86_64
  1. tigervnc-1.12.0-15.el8.x86_64.rpm
    MD5: 90c54ace06e221477e1bf1d0be41fb1b
    SHA-256: 3674aa1ca32e0e8cf940e2029c4d3840961af8a287d9c0097578ca85c55c9cd0
    Size: 342.03 kB
  2. tigervnc-icons-1.12.0-15.el8.noarch.rpm
    MD5: f02640d5e516f8d92cbf0f2bfed5fee7
    SHA-256: 5addf7923db07bd24486058fbef77f6debbaf20d7ab2c58f7f691b74f37b1f6c
    Size: 46.75 kB
  3. tigervnc-license-1.12.0-15.el8.noarch.rpm
    MD5: 023655c6ed1a92f8aad9bb32ea72d19a
    SHA-256: 56e978a7bf29d90dbc6a2100960be314b322bbce42690ec05e8bd03e81bc8702
    Size: 40.00 kB
  4. tigervnc-selinux-1.12.0-15.el8.noarch.rpm
    MD5: 366179cb2d06e22426dfe99d57416d5a
    SHA-256: 2ec32339b50a77e6f2cc193f9b877e382549986f207233a28bc2ffa035c96e75
    Size: 48.60 kB
  5. tigervnc-server-1.12.0-15.el8.x86_64.rpm
    MD5: c23a3bd9ae17529a974efdd081b5ccb1
    SHA-256: eb291ea1285369d6891021962fcdf9f17b07119c8eecfdf64ca11e7adde93218
    Size: 286.37 kB
  6. tigervnc-server-minimal-1.12.0-15.el8.x86_64.rpm
    MD5: b2a074260f1bba6eaa38d33a3734df7c
    SHA-256: a7c5e2f9e0d3f595e7d25c3cb6ee27ddece36cba6e365279f6b1a612ca8dc291
    Size: 1.12 MB
  7. tigervnc-server-module-1.12.0-15.el8.x86_64.rpm
    MD5: 1c97a5d7e64f2ce6378cadcd7b2cfef9
    SHA-256: ed73f4bb53cfd21a919f90068d44ef6935e90b23e8aa8bffb6fa496b43a3647d
    Size: 261.86 kB