ELSA-2024-2298

ULN >
Oracle Linux Errata repository >
ELSA-2024-2298

ELSA-2024-2298 - tigervnc security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-05-02

Description

[1.13.1-8]
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20533

[1.13.1-7]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20389
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20383
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21213

[1.13.1-6]
- Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-19858

[1.13.1-5]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18414
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18426

[1.13.1-4]
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15237

- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249

Related CVEs

CVE-2023-5574

CVE-2023-5380

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	tigervnc-1.13.1-8.el9.src.rpm	4c88673e5135969d5fb1ae6357d35cf6bb0e52689e3eee17fd75f4cb29384b23	-	ol9_aarch64_appstream
	tigervnc-1.13.1-8.el9.aarch64.rpm	4e9f625899ad34d883f076457832d1d14d8df57eebf22b23c100ade324888099	-	ol9_aarch64_appstream
	tigervnc-icons-1.13.1-8.el9.noarch.rpm	cb90f66247d288384d0bbc55eb62f640b13096d42ae76b21c85d9e78362f3a53	-	ol9_aarch64_appstream
	tigervnc-license-1.13.1-8.el9.noarch.rpm	c6b6a37fdfa8575d28ac4bff27460d319934281e7ee34286181c5da2bf581328	-	ol9_aarch64_appstream
	tigervnc-selinux-1.13.1-8.el9.noarch.rpm	99ffc063a78c96dfe14b243e9082f5e35cf08c4c210eb72941bd4d01efddea27	-	ol9_aarch64_appstream
	tigervnc-server-1.13.1-8.el9.aarch64.rpm	98fdabc06af04f43fc34e2a96914dfbeb9fdb14e13100f02d8d57ef2f98f551b	-	ol9_aarch64_appstream
	tigervnc-server-minimal-1.13.1-8.el9.aarch64.rpm	ea9e0b2a00a8568b1ed1c8c4454566a5381478ba7fe618deb3ea5701098cd154	-	ol9_aarch64_appstream
	tigervnc-server-module-1.13.1-8.el9.aarch64.rpm	23adeebc8581cbec67aeaab79a75c6f2ba5be4acd50d0b8cbbd3bfc8916dd0f3	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	tigervnc-1.13.1-8.el9.src.rpm	4c88673e5135969d5fb1ae6357d35cf6bb0e52689e3eee17fd75f4cb29384b23	-	ol9_x86_64_appstream
	tigervnc-1.13.1-8.el9.x86_64.rpm	96da9aa49802c6655fabfd640b912f4e21b0eefa5a5200aad05827567ab45a8a	-	ol9_x86_64_appstream
	tigervnc-icons-1.13.1-8.el9.noarch.rpm	cb90f66247d288384d0bbc55eb62f640b13096d42ae76b21c85d9e78362f3a53	-	ol9_x86_64_appstream
	tigervnc-license-1.13.1-8.el9.noarch.rpm	c6b6a37fdfa8575d28ac4bff27460d319934281e7ee34286181c5da2bf581328	-	ol9_x86_64_appstream
	tigervnc-selinux-1.13.1-8.el9.noarch.rpm	99ffc063a78c96dfe14b243e9082f5e35cf08c4c210eb72941bd4d01efddea27	-	ol9_x86_64_appstream
	tigervnc-server-1.13.1-8.el9.x86_64.rpm	77ac7ce47e409673cd79ee7e9cbeb1c14cc85c9efcec081eaebf62c8b334413a	-	ol9_x86_64_appstream
	tigervnc-server-minimal-1.13.1-8.el9.x86_64.rpm	6222ed06a423cc2e3cbd544c0ada0d55680ab9d753ed8333f48d897c08c85975	-	ol9_x86_64_appstream
	tigervnc-server-module-1.13.1-8.el9.x86_64.rpm	929943ad45f85deafe90e1257df077f87be3c8adcd36c8566a10c325e693dfbd	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691