tigervnc-1.13.1-10.el8
エラータID: AXSA:2024-8341:11
リリース日:
2024/06/18 Tuesday - 16:04
題名:
tigervnc-1.13.1-10.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org の ProcXIGetSelectedEvents() 関数には、ヒープ領域
の範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31080)
- X.org の ProcXIPassiveGrabDevice() 関数には、ヒープ領域
の範囲外読み取りの問題があるため、ローカルの攻撃者により、
異なるエンディアンのアーキテクチャを持つクライアントから
の操作を介して、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-31081)
- X.org の ProcRenderAddGlyphs() 関数には、メモリ領域の
解放後利用の問題があるため、認証されたローカルの攻撃者
により、細工されたリクエストの送信を介して、任意のコード
の実行を可能とする脆弱性が存在します。(CVE-2024-31083)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.13.1-10.el8.src.rpm
MD5: 2b4f9ba3fe4958d247de35a0cb15d599
SHA-256: 38c44eb4eac29f2364af65ed0525095863d15ca0d161423e46188c56ead3e6fa
Size: 1.96 MB
Asianux Server 8 for x86_64
- tigervnc-1.13.1-10.el8.x86_64.rpm
MD5: a353b2ff727d66338f9cfdc6ce490def
SHA-256: 24fd16afd284d0a48b343fc61522b7601bb5a455ca5503d6dd21739f78ca889e
Size: 354.09 kB - tigervnc-icons-1.13.1-10.el8.noarch.rpm
MD5: 2db3df7b3473b20d610a44cd3f3e1dab
SHA-256: d9fd41c4f7c498d5a1d653610c9931c3e27a85d8d94b74dc954a4c7d6b493a6e
Size: 60.94 kB - tigervnc-license-1.13.1-10.el8.noarch.rpm
MD5: 42b6d2d62f3cbfc17a4e8ee2f6bf8870
SHA-256: fa63ee8b904de162ea338c27af8c328e719f32f4d9c6b6189ba4378164773d4f
Size: 41.32 kB - tigervnc-selinux-1.13.1-10.el8.noarch.rpm
MD5: e92ac5db526157478766a7a95052745f
SHA-256: 246d915e255b9d88476c3e483d3434eb2be50c93560b7e77c1822dceac2c42ff
Size: 49.90 kB - tigervnc-server-1.13.1-10.el8.x86_64.rpm
MD5: 858dbe56b27cad38cf8f8b2d7cdaecbf
SHA-256: 980c82d09fff7676a71c6828b802be63e8145f42d981f41cfc88746de9279e6a
Size: 279.34 kB - tigervnc-server-minimal-1.13.1-10.el8.x86_64.rpm
MD5: 153a70c85e14a152304425619629509a
SHA-256: 69b1ae6db4e74e59343480b0023796d42208daae2f8f6c5c2f5e34e4a9928b20
Size: 1.13 MB - tigervnc-server-module-1.13.1-10.el8.x86_64.rpm
MD5: 907771f6f63ab810c2bf48fde57a9f98
SHA-256: c838a3f4f90d731d5981d58a4f7593c0105ce09bb7fcd8fe5408cdd88b060b37
Size: 274.50 kB
English