tigervnc-1.15.0-8.el8_10.ML.1
エラータID: AXSA:2025-11094:09
リリース日:
2025/11/13 Thursday - 18:40
題名:
tigervnc-1.15.0-8.el8_10.ML.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、任意のコードの実行、およびサービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62229)
- X.org の Xkb 拡張機能には、メモリ領域の解放後利用の問題が
あるため、ローカルの攻撃者により、メモリ破壊、およびサービス
拒否攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62230)
- X.org の Xkb 拡張機能には、整数オーバーフローの問題があるため、
ローカルの攻撃者により、メモリ破壊、およびサービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-62231)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-62229
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
CVE-2025-62230
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
CVE-2025-62231
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.15.0-8.el8_10.ML.1.src.rpm
MD5: 90eeb5d96c5f2e69086483c9e27cdede
SHA-256: 7fa5eb0ecb034f906cc596fe86c4130d44862516e120d26d0550a84117101b00
Size: 2.11 MB
Asianux Server 8 for x86_64
- tigervnc-1.15.0-8.el8_10.ML.1.x86_64.rpm
MD5: b86001d0f58bc266d8e670b1a39e63af
SHA-256: 11b6f2d7d7fd912282edf0271c38dbe0a08110b76d68195d3dbe73431b67bdf5
Size: 407.78 kB - tigervnc-icons-1.15.0-8.el8_10.ML.1.noarch.rpm
MD5: ade2ea1a5cabf9fcff4646a9e4420b49
SHA-256: 5aa7112c14937fb8ae2e1a2ce415376cba9ea34be3bebca0d51fd4b7c9f1319c
Size: 64.41 kB - tigervnc-license-1.15.0-8.el8_10.ML.1.noarch.rpm
MD5: b6422c6bb86667df6a7e8ea997ce1d8e
SHA-256: 3858e26d7d36ed41a3581eaa6416cff58348a467b07c7bb3be5f5ecaa0dbd89b
Size: 44.80 kB - tigervnc-selinux-1.15.0-8.el8_10.ML.1.noarch.rpm
MD5: 923be91f743e499c9d03fb008f422826
SHA-256: dc1dc43397bf53449c1732d0f3217d53867f2361ac55af09549b8b6c305f179a
Size: 54.03 kB - tigervnc-server-1.15.0-8.el8_10.ML.1.x86_64.rpm
MD5: 5e0b5331d5bae7cf98ed9a9ec26a6c33
SHA-256: a0e331ab85f0093f8b6a456e053ab88b46b99e531cd0290740c946bf3b1ce6c6
Size: 315.71 kB - tigervnc-server-minimal-1.15.0-8.el8_10.ML.1.x86_64.rpm
MD5: cd72ebf28bde079dcfb8d755216a4659
SHA-256: ee2b5b8e270da946025c16f50512f14db08059740a82f1d2157a460b9f184314
Size: 1.17 MB - tigervnc-server-module-1.15.0-8.el8_10.ML.1.x86_64.rpm
MD5: aa90bce2f4d55438102ec3a66709d4f7
SHA-256: 5fe389ebfe76fea1f6dfc3d3fedcb4a08a4453e8c1940fb30f106b9994f54dd7
Size: 311.05 kB
English