tigervnc-1.13.1-2.el8_9.10.ML.1
Errata ID: AXSA:2024-7730:07
Release date:
2024/04/30 Tuesday - 11:04
Title:
tigervnc-1.13.1-2.el8_9.10.ML.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The ProcXIGetSelectedEvents() function in X.org has a heap out-of-bounds read issue, which allows a local attacker to disclose information and cause a denial of service through operations from a client whose architecture has a different endianness. (CVE-2024-31080)
- The ProcXIPassiveGrabDevice() function in X.org has a heap out-of-bounds read issue, which allows a local attacker to disclose information and cause a denial of service through operations from a client whose architecture has a different endianness. (CVE-2024-31081)
- The ProcRenderAddGlyphs() function in X.org has a use-after-free issue, which allows an authenticated local attacker to execute arbitrary code by sending a crafted request. (CVE-2024-31083)
Solution:
Update the package.
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
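As an added illustration (not the advisory's or X.org's own code) of the bug class behind CVE-2024-31080 and CVE-2024-31081, the constructed C below shows a reply-writing routine that byte-swaps a length field in place for a client of the other endianness, the vulnerable pattern that reuses the swapped field to size the payload, and the hardened pattern that captures the host-order length first. The struct, function names and the 3-word sample input are assumptions; the real X server structures and call sites differ.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for an X reply header (not X.org's real struct):
 * `length` counts the 4-byte words of payload that follow the header. */
typedef struct { uint32_t length; uint16_t num_masks; } Reply;

/* Mimics WriteReplyToClient: when the client's byte order differs from the
 * server's, the reply fields are byte-swapped IN PLACE before being sent. */
static void write_reply(int client_swapped, Reply *r)
{
    if (client_swapped) {
        r->length = __builtin_bswap32(r->length);
        r->num_masks = (uint16_t)((r->num_masks << 8) | (r->num_masks >> 8));
    }
}

/* Vulnerable pattern: r.length is reused after write_reply() swapped it, so a
 * swapped client turns a 3-word payload into a 0x0C000000-byte heap read.
 * Returns the number of payload bytes the server would hand to WriteToClient. */
size_t send_masks_vulnerable(int client_swapped, uint32_t payload_words)
{
    Reply r = { .length = payload_words, .num_masks = 1 };
    size_t payload_bytes = 0;
    write_reply(client_swapped, &r);
    if (r.num_masks)                    /* swapped 1 is 256: still nonzero */
        payload_bytes = (size_t)r.length * 4;
    return payload_bytes;
}

/* Fixed pattern: take host-order copies before the reply is swapped, so the
 * payload size no longer depends on the client's endianness. */
size_t send_masks_fixed(int client_swapped, uint32_t payload_words)
{
    Reply r = { .length = payload_words, .num_masks = 1 };
    uint32_t length = r.length;         /* unswapped copy */
    uint16_t num_masks = r.num_masks;
    size_t payload_bytes = 0;
    write_reply(client_swapped, &r);
    if (num_masks)
        payload_bytes = (size_t)length * 4;
    return payload_bytes;
}
```

For a same-endian client both functions return 12 bytes for a 3-word payload; only the vulnerable one balloons for a swapped client, which is the asymmetry the descriptions above refer to.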
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
Additional information:
N/A
Downloads:
SRPMS
- tigervnc-1.13.1-2.el8_9.10.ML.1.src.rpm
MD5: fff8edd1e4c9af01e73f9d8f855bdbd2
SHA-256: e50082e89b60a640742ee4377d46ad44d15d5d151b369543fd37eaab84b23700
Size: 1.97 MB
Asianux Server 8 for x86_64
- tigervnc-1.13.1-2.el8_9.10.ML.1.x86_64.rpm
MD5: e296a81b765f3374006f2f6e64618b6b
SHA-256: 0601f4e2340dd666463690862d8f0ad5e559f13e817a4c9ac6d64d565892f913
Size: 352.59 kB
- tigervnc-icons-1.13.1-2.el8_9.10.ML.1.noarch.rpm
MD5: 8fb1eec93f0a12d07d7684ec0ac2cee2
SHA-256: a63d9c1705a0b4d1a92dd81beb7dd3ff86e4489e5454ad1c8643b58f9ed4d9e5
Size: 59.53 kB
- tigervnc-license-1.13.1-2.el8_9.10.ML.1.noarch.rpm
MD5: b0af04974ec8a83ef08575e98837b692
SHA-256: 4777fe7d089a8382324e08f91bb258aa8d030befd4a260aa738834e915c4c672
Size: 39.91 kB
- tigervnc-selinux-1.13.1-2.el8_9.10.ML.1.noarch.rpm
MD5: 730c85ec0d6db2adb3de1bb131223196
SHA-256: e6ab82711e46b5b536434295452f4f80216ec51fe1d4752294e2f3bd23539fdf
Size: 48.48 kB
- tigervnc-server-1.13.1-2.el8_9.10.ML.1.x86_64.rpm
MD5: dfb28e7b0834e1ba0b11ab41d79e71b8
SHA-256: f7595a7c1af96713e635595823b2471965f42d22d4ca2503420d6ee5e2e95c16
Size: 277.01 kB
- tigervnc-server-minimal-1.13.1-2.el8_9.10.ML.1.x86_64.rpm
MD5: 65c14d9d0966c6a132bcc136f804925e
SHA-256: bad108493d092a330c82d7ed7034962fa23b705aa79c71fc80ba1f0c7ee8e11b
Size: 1.12 MB
- tigervnc-server-module-1.13.1-2.el8_9.10.ML.1.x86_64.rpm
MD5: 2127de935b5724f3919a27938e657da2
SHA-256: a8c3564d5db8ec55bdd9b2685746e3e7f3a0fef288396844a65a94b86ad300ee
MD5: 2127de935b5724f3919a27938e657da2
SHA-256: a8c3564d5db8ec55bdd9b2685746e3e7f3a0fef288396844a65a94b86ad300ee
Size: 272.12 kB