tigervnc, xorg security update

2023-02-2016:16:26

CentOS Project

lists.centos.org

128

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.3%

JSON

CentOS Errata and Security Advisory CESA-2023:0675

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2023-February/086373.html
https://lists.centos.org/pipermail/centos-announce/2023-March/086378.html

Affected packages:
tigervnc
tigervnc-icons
tigervnc-license
tigervnc-server
tigervnc-server-applet
tigervnc-server-minimal
tigervnc-server-module
xorg-x11-server-Xdmx
xorg-x11-server-Xephyr
xorg-x11-server-Xnest
xorg-x11-server-Xorg
xorg-x11-server-Xvfb
xorg-x11-server-Xwayland
xorg-x11-server-common
xorg-x11-server-devel
xorg-x11-server-source

Upstream details at:
https://access.redhat.com/errata/RHSA-2023:0675

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64tigervnc< 1.8.0-24.el7_9tigervnc-1.8.0-24.el7_9.x86_64.rpm
CentOS7noarchtigervnc-icons< 1.8.0-24.el7_9tigervnc-icons-1.8.0-24.el7_9.noarch.rpm
CentOS7noarchtigervnc-license< 1.8.0-24.el7_9tigervnc-license-1.8.0-24.el7_9.noarch.rpm
CentOS7x86_64tigervnc-server< 1.8.0-24.el7_9tigervnc-server-1.8.0-24.el7_9.x86_64.rpm
CentOS7noarchtigervnc-server-applet< 1.8.0-24.el7_9tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm
CentOS7x86_64tigervnc-server-minimal< 1.8.0-24.el7_9tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm
CentOS7x86_64tigervnc-server-module< 1.8.0-24.el7_9tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm
CentOS7x86_64xorg-x11-server-common< 1.20.4-22.el7_9xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm
CentOS7i686xorg-x11-server-devel< 1.20.4-22.el7_9xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm
CentOS7x86_64xorg-x11-server-devel< 1.20.4-22.el7_9xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	tigervnc	< 1.8.0-24.el7_9	tigervnc-1.8.0-24.el7_9.x86_64.rpm
CentOS	7	noarch	tigervnc-icons	< 1.8.0-24.el7_9	tigervnc-icons-1.8.0-24.el7_9.noarch.rpm
CentOS	7	noarch	tigervnc-license	< 1.8.0-24.el7_9	tigervnc-license-1.8.0-24.el7_9.noarch.rpm
CentOS	7	x86_64	tigervnc-server	< 1.8.0-24.el7_9	tigervnc-server-1.8.0-24.el7_9.x86_64.rpm
CentOS	7	noarch	tigervnc-server-applet	< 1.8.0-24.el7_9	tigervnc-server-applet-1.8.0-24.el7_9.noarch.rpm
CentOS	7	x86_64	tigervnc-server-minimal	< 1.8.0-24.el7_9	tigervnc-server-minimal-1.8.0-24.el7_9.x86_64.rpm
CentOS	7	x86_64	tigervnc-server-module	< 1.8.0-24.el7_9	tigervnc-server-module-1.8.0-24.el7_9.x86_64.rpm
CentOS	7	x86_64	xorg-x11-server-common	< 1.20.4-22.el7_9	xorg-x11-server-common-1.20.4-22.el7_9.x86_64.rpm
CentOS	7	i686	xorg-x11-server-devel	< 1.20.4-22.el7_9	xorg-x11-server-devel-1.20.4-22.el7_9.i686.rpm
CentOS	7	x86_64	xorg-x11-server-devel	< 1.20.4-22.el7_9	xorg-x11-server-devel-1.20.4-22.el7_9.x86_64.rpm