tigervnc-1.8.0-26.0.1.el7.AXS7
エラータID: AXSA:2023-6586:11
リリース日:
2023/11/27 Monday - 11:31
題名:
tigervnc-1.8.0-26.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.Org の Xi/xiproperty.c の XIChangeDeviceProperty() 関数および
randr/rrproperty.c の RRChangeOutputProperty() 関数には、ヒープ
領域の範囲外書き込みの問題があるため、ローカルの攻撃者により、
特権の昇格、およびサービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2023-5367)
- X.Org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、複数の画面を持つ特定の構成下でのマウスポインタ
の移動を介して、サービス拒否攻撃 (クラッシュの発生) を可能とする
脆弱性が存在します。(CVE-2023-5380)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-5367
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.8.0-26.0.1.el7.AXS7.src.rpm
MD5: 35d0cfa27f3b2154847e0400fff08371
SHA-256: dfa2c55a5923878f716982fd2e7ec5d0d94144b375af2e586888d667a64638bb
Size: 1.46 MB
Asianux Server 7 for x86_64
- tigervnc-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
MD5: af3184b24735bda2a980d8c15792520e
SHA-256: 4f0d06c1b44876418362b4f367784ff59e68829ae7503a61c05908afef9ce5e6
Size: 236.45 kB - tigervnc-icons-1.8.0-26.0.1.el7.AXS7.noarch.rpm
MD5: cb7167e70a8e532d04b6c8b088929215
SHA-256: 64ecc3f1e5c2093f7fb5529b0e15cb765745eecf602942b74b09ab401718b2fe
Size: 39.82 kB - tigervnc-license-1.8.0-26.0.1.el7.AXS7.noarch.rpm
MD5: a4df2ddf2392d9d5b024cd2aa32afd4a
SHA-256: 9182a73f881ef8b3f0369cf03d4d7eabe29251c1290503acf91460e18368659f
Size: 30.57 kB - tigervnc-server-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
MD5: 5be7a70ead7279b3a7ea78993e18b1f3
SHA-256: 47b49cb8ccec957192d7117e89154f0a464071c99c99de0a9b591ef20bff7131
Size: 211.62 kB - tigervnc-server-minimal-1.8.0-26.0.1.el7.AXS7.x86_64.rpm
MD5: 26f5be923969ef7f1221f8e1602c4ded
SHA-256: 4c93f2d6ccecad34b72d86b8f45d7bb45a4ce70d0bd4d3ab0fad6afd3d3cee76
Size: 1.04 MB
English