tigervnc-1.8.0-33.0.1.el7.AXS7

Errata ID: AXSA:2024-7733:08

Release date: 
Wednesday, May 1, 2024 - 14:53
Subject: 
tigervnc-1.8.0-33.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)

* xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)

* xorg-x11-server: Use-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. An attacker could exploit this to make the X server read heap memory and transmit it back to the client until it encounters an unmapped page, resulting in a crash. Although the attacker cannot control which memory is copied into the replies, the small length values typically stored in a 32-bit integer become very large once byte-swapped, so the attempted out-of-bounds reads can be significant.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. An attacker could exploit this to make the X server read heap memory and transmit it back to the client until it encounters an unmapped page, resulting in a crash. Although the attacker cannot control which memory is copied into the replies, the small length values typically stored in a 32-bit integer become very large once byte-swapped, so the attempted out-of-bounds reads can be significant.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
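
The length handling described for CVE-2024-31080 and CVE-2024-31081, as a simplified model added here (not X.org or TigerVNC source; `struct reply`, `send_header` and the `payload_bytes_*` functions are hypothetical names). It shows how a small length becomes a very large read size once the header is byte-swapped in place, next to the corrected pattern that fixes the size before the swap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reply header: payload size in 4-byte units. */
struct reply { uint32_t length; };

static uint32_t bswap32(uint32_t v) {
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/* Models writing the header to a client of the opposite endianness:
 * the field is swapped in place before it goes on the wire. */
static void send_header(struct reply *r, int client_swapped) {
    if (client_swapped)
        r->length = bswap32(r->length);
}

/* Flawed pattern: the payload size is derived from the header after
 * it was swapped. Returns the byte count that would be read. */
size_t payload_bytes_flawed(uint32_t units, int client_swapped) {
    struct reply r = { units };
    send_header(&r, client_swapped);
    return (size_t)r.length * 4;
}

/* Corrected pattern: the size is fixed in a local before the swap. */
size_t payload_bytes_fixed(uint32_t units, int client_swapped) {
    struct reply r = { units };
    size_t nbytes = (size_t)units * 4;
    send_header(&r, client_swapped);
    return nbytes;
}

int main(void) {
    uint32_t units = 2; /* constructed sample: an 8-byte payload */
    printf("same endianness:  %zu bytes\n", payload_bytes_flawed(units, 0));
    printf("swapped, flawed:  %zu bytes\n", payload_bytes_flawed(units, 1));
    printf("swapped, fixed:   %zu bytes\n", payload_bytes_fixed(units, 1));
    return 0;
}
```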

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.8.0-33.0.1.el7.AXS7.src.rpm
    MD5: 4bafe173301f9609c7ef2f888d60bdc0
    SHA-256: cdf1b541474f34aea21661cb44d649604c854fe3e364ffebb0e8bb159edd7b29
    Size: 1.47 MB

Asianux Server 7 for x86_64
  1. tigervnc-1.8.0-33.0.1.el7.AXS7.x86_64.rpm
    MD5: 05a888a31139628c13fe077a1cab1796
    SHA-256: e135816e6e5ad7dc5852b3a457e47bdec164088438ec2ff5a86bcbf817b822ae
    Size: 238.83 kB
  2. tigervnc-icons-1.8.0-33.0.1.el7.AXS7.noarch.rpm
    MD5: 913d73f2f8c0dc608a5fd87c7428d66e
    SHA-256: b4a9abd731cdfa947301e7841e1007bdef50dc0eaf6aeb523f694dc3173d32c3
    Size: 42.19 kB
  3. tigervnc-license-1.8.0-33.0.1.el7.AXS7.noarch.rpm
    MD5: 35c1b25f71934cb4c8caff4a2551b6ac
    SHA-256: e6a61064bb033de199dc314662b997d88f004d8173f499be812e39410bf145ee
    Size: 32.94 kB
  4. tigervnc-server-1.8.0-33.0.1.el7.AXS7.x86_64.rpm
    MD5: c4cfc0a8a2a96fd3c84699b351f17ddf
    SHA-256: b293437d56933c04daa66f80f57ec9a2e28c9d2b536abefa2f170a3b9425cd15
    Size: 213.98 kB
  5. tigervnc-server-minimal-1.8.0-33.0.1.el7.AXS7.x86_64.rpm
    MD5: b56ec12f1ed05f336773e07e056f2160
    SHA-256: c100b43717b35159a09d0661d01737638c360bb495ba94dfcb6a674bae1877fa
    Size: 1.04 MB