tigervnc-1.13.1-8.el9.3
エラータID: AXSA:2024-8106:09
リリース日:
2024/06/03 Monday - 18:05
題名:
tigervnc-1.13.1-8.el9.3
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org の ProcXIGetSelectedEvents() 関数には、ヒープ領域の
範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31080)
- X.org の ProcXIPassiveGrabDevice() 関数には、ヒープ領域の
範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31081)
- X.org の ProcRenderAddGlyphs() 関数には、メモリ領域の
解放後利用の問題があるため、認証されたローカルの攻撃者
により、細工されたリクエストの送信を介して、任意のコード
の実行を可能とする脆弱性が存在します。(CVE-2024-31083)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2023-5380
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
CVE-2023-5574
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.13.1-8.el9.3.src.rpm
MD5: d2ef0240a3edb77e2340c9f1b781a038
SHA-256: 0236d2642d8c8efe36c81b2fef994716f778adda703c147c1a16c86424d13eba
Size: 1.94 MB
Asianux Server 9 for x86_64
- tigervnc-1.13.1-8.el9.3.x86_64.rpm
MD5: f1a96cc999e3972a0f454c4f120e7806
SHA-256: 61c051b030f4dd687a294d3a91fd511373407c433b35209cab1935ad1675ffa2
Size: 301.04 kB - tigervnc-icons-1.13.1-8.el9.3.noarch.rpm
MD5: dc27580664a2cc30bfcefc9e2594bc6c
SHA-256: 0c6193cb3a9b5e81aa2ce24c2c56fd238396f5e7c83e64c94af688c40bf78d2b
Size: 36.62 kB - tigervnc-license-1.13.1-8.el9.3.noarch.rpm
MD5: a88b413f9e55ca6d06590c8f4d7aba32
SHA-256: d04294421a06d348b01e157ba464d52f5834cb189afd5be0bcdc4fabd9e8094e
Size: 16.54 kB - tigervnc-selinux-1.13.1-8.el9.3.noarch.rpm
MD5: 57a38f55ffd2a7e7f370fbab7babdfc2
SHA-256: 9afbd688bf4b09d1b2d1b42033f35d06652db11eb05b5bf17b5634f50094acb0
Size: 26.37 kB - tigervnc-server-1.13.1-8.el9.3.x86_64.rpm
MD5: 2f8e544826ccd9f049b131bc3a3a5efb
SHA-256: 338c2a828a562e0ab667d778aa6a2a5ecebcf42c5422e2e39029af883ec3cb5e
Size: 221.76 kB - tigervnc-server-minimal-1.13.1-8.el9.3.x86_64.rpm
MD5: a59fb70f2c4b3825e88ea0c1b611088e
SHA-256: 24375819723b4b43f304b4ac9e13cf1cc86d90ee78e6dd15ed0bded19fe48839
Size: 1.13 MB - tigervnc-server-module-1.13.1-8.el9.3.x86_64.rpm
MD5: 834932b20d2f7956700d6c1bfda00ff4
SHA-256: fb79e66d6b596de08cd5999bdfa6e424c6228eba436ceea201e254a93934340d
Size: 245.76 kB