Lucene search
AmazonALAS-2023-1746HistoryMay 11, 2023 - 6:00 p.m.
Important: tigervnc
2023-05-1118:00:00
alas.aws.amazon.com
4
x.org
local privilege elevation
remote code execution
ssh
tigervnc
cve-2023-0494
security vulnerability
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.9%
Issue Overview:
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. (CVE-2023-0494)
Affected Packages:
tigervnc
Issue Correction:
Run yum update tigervnc to update your system.
New Packages:
i686:
tigervnc-debuginfo-1.8.0-21.35.amzn1.i686
tigervnc-1.8.0-21.35.amzn1.i686
tigervnc-server-module-1.8.0-21.35.amzn1.i686
tigervnc-server-1.8.0-21.35.amzn1.i686
src:
tigervnc-1.8.0-21.35.amzn1.src
x86_64:
tigervnc-debuginfo-1.8.0-21.35.amzn1.x86_64
tigervnc-server-1.8.0-21.35.amzn1.x86_64
tigervnc-server-module-1.8.0-21.35.amzn1.x86_64
tigervnc-1.8.0-21.35.amzn1.x86_64
Additional References
Red Hat: CVE-2023-0494
Mitre: CVE-2023-0494
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | tigervnc-debuginfo | < 1.8.0-21.35.amzn1 | tigervnc-debuginfo-1.8.0-21.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | tigervnc | < 1.8.0-21.35.amzn1 | tigervnc-1.8.0-21.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | tigervnc-server-module | < 1.8.0-21.35.amzn1 | tigervnc-server-module-1.8.0-21.35.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | tigervnc-server | < 1.8.0-21.35.amzn1 | tigervnc-server-1.8.0-21.35.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | tigervnc-debuginfo | < 1.8.0-21.35.amzn1 | tigervnc-debuginfo-1.8.0-21.35.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | tigervnc-server | < 1.8.0-21.35.amzn1 | tigervnc-server-1.8.0-21.35.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | tigervnc-server-module | < 1.8.0-21.35.amzn1 | tigervnc-server-module-1.8.0-21.35.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | tigervnc | < 1.8.0-21.35.amzn1 | tigervnc-1.8.0-21.35.amzn1.x86_64.rpm |
Related
openvas
openvas
Huawei EulerOS: Security Advisory for xorg-x11-server (EulerOS-SA-2023-2281)
2023-07-04 00:00:00
Fedora: Security Advisory for xorg-x11-server (FEDORA-2023-fb5022e741)
2023-02-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0286-1)
2023-02-08 00:00:00
redhatcve
redhatcve
CVE-2023-0494
2023-02-07 04:26:37
redhat
redhat
(RHSA-2023:0622) Important: tigervnc security update
2023-02-07 15:17:04
(RHSA-2023:0675) Important: tigervnc and xorg-x11-server security update
2023-02-08 19:38:55
(RHSA-2023:0665) Important: tigervnc security update
2023-02-08 10:53:32
debian
debian
[SECURITY] [DSA 5342-1] xorg-server security update
2023-02-07 15:48:26
[SECURITY] [DLA 3310-1] xorg-server security update
2023-02-07 07:27:41
nessus
nessus
Debian DSA-5342-1 : xorg-server - security update
2023-02-07 00:00:00
SUSE SLES12 Security Update : xorg-x11-server (SUSE-SU-2023:0282-1)
2023-02-08 00:00:00
freebsd
freebsd
xorg-server -- Security issue in the X server
2023-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: xorg-x11-server-Xwayland-22.1.8-1.fc37
2023-02-12 00:44:45
[SECURITY] Fedora 37 Update: tigervnc-1.13.0-1.fc37
2023-02-13 00:45:02
[SECURITY] Fedora 37 Update: xorg-x11-server-1.20.14-18.fc37
2023-02-13 00:45:00
rocky
rocky
tigervnc security update
2023-02-16 06:35:13
tigervnc security update
2023-02-16 06:36:03
veracode
veracode
Use After Free
2023-02-11 05:09:41
alpinelinux
alpinelinux
CVE-2023-0494
2023-03-27 21:15:10
almalinux
almalinux
Important: tigervnc security update
2023-02-07 00:00:00
Important: tigervnc security update
2023-02-08 00:00:00
Moderate: xorg-x11-server security and bug fix update
2023-05-09 00:00:00
osv
osv
Important: tigervnc security update
2023-02-07 00:00:00
xorg-server - security update
2023-02-07 00:00:00
xorg-server, xorg-server-hwe-18.04, xwayland vulnerability
2023-02-07 17:32:37
ubuntu
ubuntu
X.Org X Server vulnerability
2023-02-07 00:00:00
X.Org X Server vulnerabilities
2023-02-16 00:00:00
slackware
slackware
[slackware-security] xorg-server
2023-02-07 20:58:17
[slackware-security] tigervnc
2023-11-13 19:27:10
zdi
zdi
mageia
mageia
Updated tigervnc/x11-server packages fix security vulnerability
2023-03-31 03:13:46
redos
redos
ROS-20230210-02
2023-02-10 00:00:00
prion
prion
Design/Logic Flaw
2023-03-27 21:15:00
cvelist
cvelist
CVE-2023-0494
2023-03-27 00:00:00
nvd
nvd
CVE-2023-0494
2023-03-27 21:15:10
centos
centos
tigervnc, xorg security update
2023-02-20 16:16:26
amazon
amazon
Important: tigervnc
2024-05-23 22:04:00
Important: xorg-x11-server
2023-03-02 22:35:00
Important: xorg-x11-server
2023-03-17 15:53:00
altlinux
altlinux
Security fix for the ALT Linux 10 package xorg-server version 2:1.20.14-alt7
2023-02-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2126
2023-02-28 10:19:45
Advisory ROSA-SA-2023-2125
2023-02-28 10:13:13
cve
cve
CVE-2023-0494
2023-03-27 21:15:10
ubuntucve
ubuntucve
CVE-2023-0494
2023-02-07 00:00:00
oraclelinux
oraclelinux
tigervnc security update
2023-02-08 00:00:00
tigervnc security update
2023-02-08 00:00:00
tigervnc and xorg-x11-server security update
2023-02-09 00:00:00
debiancve
debiancve
CVE-2023-0494
2023-03-27 21:15:10
gentoo
gentoo
X.Org X server, XWayland: Multiple Vulnerabilities
2023-05-30 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
51.9%
Related for ALAS-2023-1746