tigervnc-1.8.0-31.0.1.el7.AXS7

エラータID: AXSA:2024-7502:06

Release date: 
Monday, February 5, 2024 - 09:07
Subject: 
tigervnc-1.8.0-31.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2024-0229
RESERVED
CVE-2024-21885
RESERVED
CVE-2024-21886
RESERVED

Solution: 

Update packages.

CVEs: 
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2024-0229
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21885
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21886
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.8.0-31.0.1.el7.AXS7.src.rpm
    MD5: a62a8d6f000605bff256c6da5e436f3b
    SHA-256: 331381e390b922ff5a88f20757ff8bc3888e628f819f85ba140d06634d151f1e
    Size: 1.47 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
    MD5: eaa4ffad770c8a6a60b18792c0336198
    SHA-256: 76a7b6250ba48c5b1b77fbcb8d770512f51d3bbeba15305020458862061072a8
    Size: 238.16 kB
  2. tigervnc-icons-1.8.0-31.0.1.el7.AXS7.noarch.rpm
    MD5: 4fac04a64125a3d2323a0c0190b89c85
    SHA-256: 65a0c31a87020332e8adca90da76c4cb3abbb747e14d74f987d009d69ea0a693
    Size: 41.52 kB
  3. tigervnc-license-1.8.0-31.0.1.el7.AXS7.noarch.rpm
    MD5: ca2f409f898f07c0a82e91e4def0af80
    SHA-256: b4cd8e80b8b35b684e2612db9c8028a0a2637de5f4b8950ce3c1ebc0b359ed8a
    Size: 32.27 kB
  4. tigervnc-server-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
    MD5: 1b0ef941924e3edf904a42dd343f4cf7
    SHA-256: 789eb1afeedc2eba901ae8058c102e8cfc2d8d8a867f62885d642b65fbc0376c
    Size: 213.32 kB
  5. tigervnc-server-minimal-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
    MD5: d99acb60bde80105b4b5506828b7ef0f
    SHA-256: 3646763083baf7832fc3eefe4f0b2e881e78acc60389395dead6e120d8dbbea7
    Size: 1.04 MB