(RHSA-2024:2298) Important: tigervnc security update

2024-04-3006:15:18

access.redhat.com

tigervnc

security update

xorg-x11-server

use-after-free

cve-2023-5574

cve-2023-5380

remote display system

red hat enterprise linux 9.4

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg-x11-server: Use-after-free bug in DamageDestroy (CVE-2023-5574)
xorg-x11-server: Use-after-free bug in DestroyWindow (CVE-2023-5380)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.4 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9aarch64tigervnc-server-module-debuginfo< 1.13.1-8.el9tigervnc-server-module-debuginfo-1.13.1-8.el9.aarch64.rpm
RedHat9x86_64tigervnc-server-module< 1.13.1-8.el9tigervnc-server-module-1.13.1-8.el9.x86_64.rpm
RedHat9ppc64letigervnc-server-module-debuginfo< 1.13.1-8.el9tigervnc-server-module-debuginfo-1.13.1-8.el9.ppc64le.rpm
RedHat9ppc64letigervnc-server-minimal< 1.13.1-8.el9tigervnc-server-minimal-1.13.1-8.el9.ppc64le.rpm
RedHat9s390xtigervnc-server-module< 1.13.1-8.el9tigervnc-server-module-1.13.1-8.el9.s390x.rpm
RedHat9noarchtigervnc-license< 1.13.1-8.el9tigervnc-license-1.13.1-8.el9.noarch.rpm
RedHat9aarch64tigervnc-debuginfo< 1.13.1-8.el9tigervnc-debuginfo-1.13.1-8.el9.aarch64.rpm
RedHat9ppc64letigervnc-server< 1.13.1-8.el9tigervnc-server-1.13.1-8.el9.ppc64le.rpm
RedHat9x86_64tigervnc-server-debuginfo< 1.13.1-8.el9tigervnc-server-debuginfo-1.13.1-8.el9.x86_64.rpm
RedHat9x86_64tigervnc-debugsource< 1.13.1-8.el9tigervnc-debugsource-1.13.1-8.el9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	aarch64	tigervnc-server-module-debuginfo	< 1.13.1-8.el9	tigervnc-server-module-debuginfo-1.13.1-8.el9.aarch64.rpm
RedHat	9	x86_64	tigervnc-server-module	< 1.13.1-8.el9	tigervnc-server-module-1.13.1-8.el9.x86_64.rpm
RedHat	9	ppc64le	tigervnc-server-module-debuginfo	< 1.13.1-8.el9	tigervnc-server-module-debuginfo-1.13.1-8.el9.ppc64le.rpm
RedHat	9	ppc64le	tigervnc-server-minimal	< 1.13.1-8.el9	tigervnc-server-minimal-1.13.1-8.el9.ppc64le.rpm
RedHat	9	s390x	tigervnc-server-module	< 1.13.1-8.el9	tigervnc-server-module-1.13.1-8.el9.s390x.rpm
RedHat	9	noarch	tigervnc-license	< 1.13.1-8.el9	tigervnc-license-1.13.1-8.el9.noarch.rpm
RedHat	9	aarch64	tigervnc-debuginfo	< 1.13.1-8.el9	tigervnc-debuginfo-1.13.1-8.el9.aarch64.rpm
RedHat	9	ppc64le	tigervnc-server	< 1.13.1-8.el9	tigervnc-server-1.13.1-8.el9.ppc64le.rpm
RedHat	9	x86_64	tigervnc-server-debuginfo	< 1.13.1-8.el9	tigervnc-server-debuginfo-1.13.1-8.el9.x86_64.rpm
RedHat	9	x86_64	tigervnc-debugsource	< 1.13.1-8.el9	tigervnc-debugsource-1.13.1-8.el9.x86_64.rpm