tigervnc-1.13.1-2.el8_9.7.ML.1

エラータID: AXSA:2024-7494:04

リリース日: 
2024/02/01 Thursday - 14:09
題名: 
tigervnc-1.13.1-2.el8_9.7.ML.1
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- X.Org の Xserver には、X11 プロトコル上許容されている
マウスボタン数よりも少ないボタン数分のメモリ領域しか確保
していないことに起因するヒープ領域のオーバーフローの問題
があるため、ローカルの攻撃者により、細工された
DeviceFocusEvent もしくは XIQueryPointer メッセージを
介して、メモリ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2023-6816)

現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。

CVE-2024-0229
CVE-2024-21885
CVE-2024-21886

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2024-0229
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21885
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21886
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. tigervnc-1.13.1-2.el8_9.7.ML.1.src.rpm
    MD5: 5a545ba8c7715b3bb85110548cb0304f
    SHA-256: b21c2d113e02ab859fba7df9572a9db4f7c7d80d007a779fdda412e1c31c2634
    Size: 1.97 MB

Asianux Server 8 for x86_64
  1. tigervnc-1.13.1-2.el8_9.7.ML.1.x86_64.rpm
    MD5: 227eb7444edeba54173d41363ed28470
    SHA-256: 9410f18c07268ecbc6645fd2f62ef57b02553fa14dceab10793c32175997c277
    Size: 352.49 kB
  2. tigervnc-icons-1.13.1-2.el8_9.7.ML.1.noarch.rpm
    MD5: 18a06762ca4beb98f6c7cdd24d3e6bf3
    SHA-256: 4dea623b64f45007bad573a048337276010973737424d09c1d3ec7be9d26897c
    Size: 59.39 kB
  3. tigervnc-license-1.13.1-2.el8_9.7.ML.1.noarch.rpm
    MD5: a085a453623fc10f527cba6b4f2e5cac
    SHA-256: 0dec1c45c96200b1463f7a1f42c52782f298895dcecfeee14dc15f494b771170
    Size: 39.77 kB
  4. tigervnc-selinux-1.13.1-2.el8_9.7.ML.1.noarch.rpm
    MD5: e1cd1063582b89cd73809fe34bc44500
    SHA-256: d6607f3fb28eccb555d5922c972a7ef5e27fcd901e920c5bdbe85c135dd5d7ca
    Size: 48.35 kB
  5. tigervnc-server-1.13.1-2.el8_9.7.ML.1.x86_64.rpm
    MD5: fc17efd2a0099f544d229da370b952d2
    SHA-256: ca340598cf9972e3da85188183a3d157ddc9da23f9f9045e672b05149954cb28
    Size: 276.86 kB
  6. tigervnc-server-minimal-1.13.1-2.el8_9.7.ML.1.x86_64.rpm
    MD5: 69fac159913bc07aad3a98acf31a3ec1
    SHA-256: fc16438173bce06a246181d5dbb934432c7f4a065f31bf4ea2a3b8315da587ec
    Size: 1.12 MB
  7. tigervnc-server-module-1.13.1-2.el8_9.7.ML.1.x86_64.rpm
    MD5: e0615bdbe6e07fe6ba0d75d6efdd0060
    SHA-256: fa8a8c9f474d303454dd33fe59e8bdd284c6a3a02dba48cfbefbff15d9d73001
    Size: 272.00 kB