tigervnc-1.14.1-9.el9_6.ML.1
エラータID: AXSA:2025-11092:08
リリース日:
2025/11/13 Thursday - 11:39
題名:
tigervnc-1.14.1-9.el9_6.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、任意のコードの実行、およびサービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62229)
- X.org の Xkb 拡張機能には、メモリ領域の解放後利用の問題が
あるため、ローカルの攻撃者により、メモリ破壊、およびサービス
拒否攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62230)
- X.org の Xkb 拡張機能には、整数オーバーフローの問題があるため、
ローカルの攻撃者により、メモリ破壊、およびサービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62231)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
CVE-2025-62230
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
CVE-2025-62231
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.14.1-9.el9_6.ML.1.src.rpm
MD5: 9be90e07c804a03821c374d2ea6125e6
SHA-256: b66509878dbf8c92b2540cee123ab0f1502bb1bedcd45c740bc4ff98f7f853fb
Size: 2.05 MB
Asianux Server 9 for x86_64
- tigervnc-1.14.1-9.el9_6.ML.1.x86_64.rpm
MD5: c8d7b356be7b1f12141022c4441c696c
SHA-256: f3b5c2f784b1f3b9208b0baee78bdce3a0c74391dd71e03778af7ff91126c438
Size: 354.36 kB - tigervnc-icons-1.14.1-9.el9_6.ML.1.noarch.rpm
MD5: 2f9d53fabcedf6599f04d9be61d627f3
SHA-256: b2d80d49680f67ef29db867244337132c185493c7de5ce974e609f81b7d824d1
Size: 38.50 kB - tigervnc-license-1.14.1-9.el9_6.ML.1.noarch.rpm
MD5: eda93262b20a589b2daf09e5138a105e
SHA-256: ee6668caf18e8d949e712458c222b3f6b1f3ac7c3764e64bdc35e7bf6979eab5
Size: 18.43 kB - tigervnc-selinux-1.14.1-9.el9_6.ML.1.noarch.rpm
MD5: 4ef998e97092032a424f29ad10d0f612
SHA-256: e2a1692dcbf5245f17d8649e3190cb88b4d996d3a01d8fcabc4099f59855b743
Size: 29.03 kB - tigervnc-server-1.14.1-9.el9_6.ML.1.x86_64.rpm
MD5: a34cd8c81393ad2da3289f61eaf321ae
SHA-256: 6aa93ac3cb8ee06bcaebf377d4f5582270ee76295cffe52c2e137512ba56ffb8
Size: 261.16 kB - tigervnc-server-minimal-1.14.1-9.el9_6.ML.1.x86_64.rpm
MD5: 2568649f819e72a2f350f3d570fff444
SHA-256: 70ef8960dee274782ef839c1c6cd323d29cd78827d054022f92266ffd6f94e3f
Size: 1.17 MB - tigervnc-server-module-1.14.1-9.el9_6.ML.1.x86_64.rpm
MD5: e1eb61c4b578854e9d75f77e3a242e49
SHA-256: 3e3fe29efaf234276f65e390ea4099f1baf6e2720a13258fb8282ecf880c1f41
Size: 280.10 kB
English