Lucene search
OracleLinuxELSA-2024-2037HistoryApr 24, 2024 - 12:00 a.m.
tigervnc security update
2024-04-2400:00:00
linux.oracle.com
11
tigervnc
security update
cve-2024-31083
heap buffer overread
data leakage
user-after-free
heap buffer overflow
out-of-bounds memory access
xorg-x11-server
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
[1.13.1-2.10]
- Fix crash caused by fix for CVE-2024-31083
Resolves: RHEL-30981
[1.13.1-2.9] - Rebuild (z-stream target)
Resolves: RHEL-31011
Resolves: RHEL-30981
Resolves: RHEL-30998
[1.13.1-2.8] - Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-31011 - Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs
Resolves: RHEL-30981 - Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Resolves: RHEL-30998
[1.13.1-3.7] - Fix use after free related to CVE-2024-21886
Resolves: RHEL-20432 - Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20583
[1.13.1-3.6] - Don’t try to get pointer position when the pointer becomes a floating device
Resolves: RHEL-20432
[1.13.1-3.5] - Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20432 - Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20420 - Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20583 - Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21252
[1.13.1-2.4] - Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18409
[1.13.1-2.3] - Rebuild (selinux-policy)
Resolves: RHEL-18409
Resolves: RHEL-18421
[1.13.1-2.2] - Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18409 - Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18421
[1.13.1-2.1] - Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15229
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 8 | src | tigervnc | < 1.13.1-2.el8_9.10 | tigervnc-1.13.1-2.el8_9.10.src.rpm |
| oracle linux | 8 | aarch64 | tigervnc | < 1.13.1-2.el8_9.10 | tigervnc-1.13.1-2.el8_9.10.aarch64.rpm |
| oracle linux | 8 | noarch | tigervnc-icons | < 1.13.1-2.el8_9.10 | tigervnc-icons-1.13.1-2.el8_9.10.noarch.rpm |
| oracle linux | 8 | noarch | tigervnc-license | < 1.13.1-2.el8_9.10 | tigervnc-license-1.13.1-2.el8_9.10.noarch.rpm |
| oracle linux | 8 | noarch | tigervnc-selinux | < 1.13.1-2.el8_9.10 | tigervnc-selinux-1.13.1-2.el8_9.10.noarch.rpm |
| oracle linux | 8 | aarch64 | tigervnc-server | < 1.13.1-2.el8_9.10 | tigervnc-server-1.13.1-2.el8_9.10.aarch64.rpm |
| oracle linux | 8 | aarch64 | tigervnc-server-minimal | < 1.13.1-2.el8_9.10 | tigervnc-server-minimal-1.13.1-2.el8_9.10.aarch64.rpm |
| oracle linux | 8 | aarch64 | tigervnc-server-module | < 1.13.1-2.el8_9.10 | tigervnc-server-module-1.13.1-2.el8_9.10.aarch64.rpm |
| oracle linux | 8 | src | tigervnc | < 1.13.1-2.el8_9.10 | tigervnc-1.13.1-2.el8_9.10.src.rpm |
| oracle linux | 8 | x86_64 | tigervnc | < 1.13.1-2.el8_9.10 | tigervnc-1.13.1-2.el8_9.10.x86_64.rpm |
Related
nessus
nessus
Debian dla-3787 : xdmx - security update
2024-04-15 00:00:00
Amazon Linux 2 : tigervnc (ALAS-2024-2510)
2024-04-18 00:00:00
RHEL 9 : tigervnc (RHSA-2024:2616)
2024-04-30 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5657-1)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0121)
2024-04-12 00:00:00
redhat
redhat
(RHSA-2024:2041) Important: tigervnc security update
2024-04-24 14:55:01
(RHSA-2024:2040) Important: tigervnc security update
2024-04-24 14:54:54
(RHSA-2024:2042) Important: tigervnc security update
2024-04-24 14:55:08
oraclelinux
oraclelinux
tigervnc security update
2024-05-07 00:00:00
tigervnc security update
2024-05-29 00:00:00
tigervnc security update
2024-04-29 00:00:00
osv
osv
Important: tigervnc security update
2024-05-10 14:32:42
Important: xorg-x11-server-Xwayland security update
2024-05-23 00:00:00
Important: tigervnc security update
2024-05-06 13:04:21
almalinux
almalinux
Important: tigervnc security update
2024-05-22 00:00:00
Important: tigervnc security update
2024-04-30 00:00:00
Moderate: xorg-x11-server security update
2024-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: xorg-x11-server-Xwayland-22.1.9-7.fc38
2024-04-24 01:36:56
[SECURITY] Fedora 40 Update: xorg-x11-server-Xwayland-23.2.6-1.fc40
2024-04-19 21:43:34
[SECURITY] Fedora 39 Update: xorg-x11-server-Xwayland-23.2.6-1.fc39
2024-04-24 01:18:17
debian
debian
[SECURITY] [DSA 5657-1] xorg-server security update
2024-04-12 20:32:08
[SECURITY] [DLA 3787-1] xorg-server security update
2024-04-15 13:22:45
freebsd
freebsd
xorg server -- Multiple vulnerabilities
2024-04-03 00:00:00
amazon
amazon
Important: xorg-x11-server
2024-04-11 01:07:00
Important: tigervnc
2024-04-11 01:07:00
Important: xorg-x11-server
2024-04-11 01:43:00
rocky
rocky
tigervnc security update
2024-06-14 13:59:30
tigervnc security update
2024-05-06 13:04:21
tigervnc security update
2024-05-10 14:32:42
mageia
mageia
ubuntu
ubuntu
X.Org X Server regression
2024-04-09 00:00:00
X.Org X Server vulnerabilities
2024-04-04 00:00:00
slackware
slackware
[slackware-security] tigervnc
2024-04-05 20:14:40
[slackware-security] xorg-server
2024-04-03 22:25:44
redos
redos
ROS-20240507-07
2024-05-07 00:00:00
redhatcve
redhatcve
veracode
veracode
Buffer Over-read
2024-04-11 02:44:05
Use After Free
2024-04-11 02:44:08
Buffer Over-Read
2024-04-11 02:44:06
cgr
cgr
CVE-2024-31081 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31080 vulnerabilities
2024-05-19 03:07:16
CVE-2024-31083 vulnerabilities
2024-05-19 03:07:16
cve
cve
debiancve
debiancve
cvelist
cvelist
CVE-2024-31080 Xorg-x11-server: heap buffer overread/data leakage in procxigetselectedevents
2024-04-04 13:47:33
CVE-2024-31081 Xorg-x11-server: heap buffer overread/data leakage in procxipassivegrabdevice
2024-04-04 13:48:12
CVE-2024-31083 Xorg-x11-server: use-after-free in procrenderaddglyphs
2024-04-05 12:04:49
nvd
nvd
wolfi
wolfi
CVE-2024-31080 vulnerabilities
2024-06-24 09:08:26
CVE-2024-31083 vulnerabilities
2024-06-24 09:08:26
CVE-2024-31081 vulnerabilities
2024-06-24 09:08:26
ubuntucve
ubuntucve
alpinelinux
alpinelinux
zdi
zdi
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.1%
Related for ELSA-2024-2037