tigervnc-1.8.0-31.0.1.el7.AXS7
エラータID: AXSA:2024-7502:06
リリース日:
2024/02/05 Monday - 09:07
題名:
tigervnc-1.8.0-31.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.Org の Xserver には、X11 プロトコル上許容されている
マウスボタン数よりも少ないボタン数分のメモリ領域しか
確保していないことに起因するヒープ領域のオーバーフロー
の問題があるため、ローカルの攻撃者により、細工された
DeviceFocusEvent もしくは XIQueryPointer メッセージを
介して、メモリ破壊、およびサービス拒否攻撃を可能とする
脆弱性が存在します。(CVE-2023-6816)
現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
CVE-2024-0229
CVE-2024-21885
CVE-2024-21886
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-6816
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2024-0229
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21885
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2024-21886
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.8.0-31.0.1.el7.AXS7.src.rpm
MD5: a62a8d6f000605bff256c6da5e436f3b
SHA-256: 331381e390b922ff5a88f20757ff8bc3888e628f819f85ba140d06634d151f1e
Size: 1.47 MB
Asianux Server 7 for x86_64
- tigervnc-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
MD5: eaa4ffad770c8a6a60b18792c0336198
SHA-256: 76a7b6250ba48c5b1b77fbcb8d770512f51d3bbeba15305020458862061072a8
Size: 238.16 kB - tigervnc-icons-1.8.0-31.0.1.el7.AXS7.noarch.rpm
MD5: 4fac04a64125a3d2323a0c0190b89c85
SHA-256: 65a0c31a87020332e8adca90da76c4cb3abbb747e14d74f987d009d69ea0a693
Size: 41.52 kB - tigervnc-license-1.8.0-31.0.1.el7.AXS7.noarch.rpm
MD5: ca2f409f898f07c0a82e91e4def0af80
SHA-256: b4cd8e80b8b35b684e2612db9c8028a0a2637de5f4b8950ce3c1ebc0b359ed8a
Size: 32.27 kB - tigervnc-server-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
MD5: 1b0ef941924e3edf904a42dd343f4cf7
SHA-256: 789eb1afeedc2eba901ae8058c102e8cfc2d8d8a867f62885d642b65fbc0376c
Size: 213.32 kB - tigervnc-server-minimal-1.8.0-31.0.1.el7.AXS7.x86_64.rpm
MD5: d99acb60bde80105b4b5506828b7ef0f
SHA-256: 3646763083baf7832fc3eefe4f0b2e881e78acc60389395dead6e120d8dbbea7
Size: 1.04 MB
English