tigervnc-1.13.1-3.el9_3.3.ML.1

エラータID: AXSA:2024-7399:03

Release date: 
Tuesday, January 16, 2024 - 00:37
Subject: 
tigervnc-1.13.1-3.el9_3.3.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to
view a computing desktop environment not only on the machine where it is
running, but from anywhere on the Internet and from a wide variety of machine
architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg-x11-server: Out-of-bounds write in
XIChangeDeviceProperty/RRChangeOutputProperty (CVE-2023-5367)
xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
(CVE-2023-6377)
xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and
RRChangeProviderProperty (CVE-2023-6478)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2023-5367
CVE-2023-6377
CVE-2023-6478

Solution: 

Update packages.

CVEs: 
CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-6377
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-6478
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.13.1-3.el9_3.3.ML.1.src.rpm
    MD5: f365f9e86d3c7dc556c1c0eafa25bbe6
    SHA-256: a84f67b3121e26eede4c5dc949275d4455a2638f70950dfcfaa78d5054e31ffc
    Size: 1.93 MB

Asianux Server 9 for x86_64
  1. tigervnc-1.13.1-3.el9_3.3.ML.1.x86_64.rpm
    MD5: f02b33526fdc992a6eab4ecab3100a37
    SHA-256: aac4f97e2a1b8d94d2cd8cdc4d883bc547e89ef433564845d134b55e748cb505
    Size: 297.65 kB
  2. tigervnc-icons-1.13.1-3.el9_3.3.ML.1.noarch.rpm
    MD5: cc46c1c28e317690ee0971952b690821
    SHA-256: 0b82eb43943706f30ee023f4f205591b65288b41ef91877f04389a3e22e2e811
    Size: 33.33 kB
  3. tigervnc-license-1.13.1-3.el9_3.3.ML.1.noarch.rpm
    MD5: e75e4954041c7a99a0fc7e8e021101d2
    SHA-256: 0b757c6791cccb5dd2cf1194bd503694db90cc6f0eca5ebef5cafde0f56ca3b0
    Size: 13.25 kB
  4. tigervnc-selinux-1.13.1-3.el9_3.3.ML.1.noarch.rpm
    MD5: 58afbe9b39be6c14de52037db470a9cc
    SHA-256: d096a7423c402ba859776b57bc794867f6b18c627b50ae5f738aae200f3a2c77
    Size: 21.80 kB
  5. tigervnc-server-1.13.1-3.el9_3.3.ML.1.x86_64.rpm
    MD5: b0825fa98cabb138d605a6ca46b334c0
    SHA-256: 170c51f1c5fc380879e0155422d6c96f5a73a6b2c9ec96d084f890caaf3a3f00
    Size: 217.05 kB
  6. tigervnc-server-minimal-1.13.1-3.el9_3.3.ML.1.x86_64.rpm
    MD5: a053de3066a295ea48745c317f443661
    SHA-256: af0599c09e4a3ddb1506cd7eb803ea436f06afd5795462fb0d40a6b42b3d573a
    Size: 1.13 MB
  7. tigervnc-server-module-1.13.1-3.el9_3.3.ML.1.x86_64.rpm
    MD5: 204634f66b00ff1188e757c3a9123d1d
    SHA-256: 38ee41689c8362db28b1ac67b5d57414298d385fbf8f394f406a227e4a80d8ca
    Size: 241.59 kB