tigervnc-1.8.0-26.0.1.el7.AXS7

エラータID: AXSA:2023-6586:11

Release date: 
Monday, November 27, 2023 - 11:31
Subject: 
tigervnc-1.8.0-26.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
* xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Solution: 

Update packages.

CVEs: 
CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.8.0-26.0.1.el7.AXS7.src.rpm
    MD5: 35d0cfa27f3b2154847e0400fff08371
    SHA-256: dfa2c55a5923878f716982fd2e7ec5d0d94144b375af2e586888d667a64638bb
    Size: 1.46 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
    MD5: af3184b24735bda2a980d8c15792520e
    SHA-256: 4f0d06c1b44876418362b4f367784ff59e68829ae7503a61c05908afef9ce5e6
    Size: 236.45 kB
  2. tigervnc-icons-1.8.0-26.0.1.el7.AXS7.noarch.rpm
    MD5: cb7167e70a8e532d04b6c8b088929215
    SHA-256: 64ecc3f1e5c2093f7fb5529b0e15cb765745eecf602942b74b09ab401718b2fe
    Size: 39.82 kB
  3. tigervnc-license-1.8.0-26.0.1.el7.AXS7.noarch.rpm
    MD5: a4df2ddf2392d9d5b024cd2aa32afd4a
    SHA-256: 9182a73f881ef8b3f0369cf03d4d7eabe29251c1290503acf91460e18368659f
    Size: 30.57 kB
  4. tigervnc-server-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
    MD5: 5be7a70ead7279b3a7ea78993e18b1f3
    SHA-256: 47b49cb8ccec957192d7117e89154f0a464071c99c99de0a9b591ef20bff7131
    Size: 211.62 kB
  5. tigervnc-server-minimal-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
    MD5: 26f5be923969ef7f1221f8e1602c4ded
    SHA-256: 4c93f2d6ccecad34b72d86b8f45d7bb45a4ce70d0bd4d3ab0fad6afd3d3cee76
    Size: 1.04 MB