ELSA-2024-3067

ELSA-2024-3067 - tigervnc security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-05-23

Description

[1.13.1-8]
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20530

[1.13.1-7]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20388
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20382
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20530
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21214

[1.13.1-6]
- Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-21000

[1.13.1-5]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18410
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18422

[1.13.1-4]
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15236

- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15230

[1.13.1-3]
- Support username alias in PlainUsers
Resolves: RHEL-4258

Related CVEs

CVE-2023-5380

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	tigervnc-1.13.1-8.el8.src.rpm	251c7cf07d787773c3b1e9325faba10cfc186dc64073f836513f8e0ed9df4b94	-	ol8_aarch64_appstream
	tigervnc-1.13.1-8.el8.aarch64.rpm	7170986a389e7db47dbafe083bc1b243c46772eda4084f1a42103d0046638636	-	ol8_aarch64_appstream
	tigervnc-icons-1.13.1-8.el8.noarch.rpm	e611a27190d6a2c980ee38f4240d24e512429bc83ec2f8c5d027c9fa03515a5d	-	ol8_aarch64_appstream
	tigervnc-license-1.13.1-8.el8.noarch.rpm	4e44ed48a6cb8a59b8809772e3a3f0348621a3c3232b09753b8ec8f5ef27b6cf	-	ol8_aarch64_appstream
	tigervnc-selinux-1.13.1-8.el8.noarch.rpm	ca38046d5840eff275df50c5a4aa5f66afd020684dcd28d70cdae294584605bd	-	ol8_aarch64_appstream
	tigervnc-server-1.13.1-8.el8.aarch64.rpm	7075c877274cf5a28f9d10695a4f02a6b9ee79a1f6b76fe53647cbfb860eb67e	-	ol8_aarch64_appstream
	tigervnc-server-minimal-1.13.1-8.el8.aarch64.rpm	c9ff17b723d56c447999cabb4ff6560f8109287fa12ef36ef8aa888acdf9f8ea	-	ol8_aarch64_appstream
	tigervnc-server-module-1.13.1-8.el8.aarch64.rpm	9a139246a621a9635ca02b4e82978ac24268949cbb2b4442d61170b3579b21f2	-	ol8_aarch64_appstream
Oracle Linux 8 (x86_64)	tigervnc-1.13.1-8.el8.src.rpm	251c7cf07d787773c3b1e9325faba10cfc186dc64073f836513f8e0ed9df4b94	-	ol8_x86_64_appstream
	tigervnc-1.13.1-8.el8.x86_64.rpm	6877822c8f353b81594b115b460e55eab38d41ae714c29d96ad92864638ef0ed	-	ol8_x86_64_appstream
	tigervnc-icons-1.13.1-8.el8.noarch.rpm	e611a27190d6a2c980ee38f4240d24e512429bc83ec2f8c5d027c9fa03515a5d	-	ol8_x86_64_appstream
	tigervnc-license-1.13.1-8.el8.noarch.rpm	4e44ed48a6cb8a59b8809772e3a3f0348621a3c3232b09753b8ec8f5ef27b6cf	-	ol8_x86_64_appstream
	tigervnc-selinux-1.13.1-8.el8.noarch.rpm	ca38046d5840eff275df50c5a4aa5f66afd020684dcd28d70cdae294584605bd	-	ol8_x86_64_appstream
	tigervnc-server-1.13.1-8.el8.x86_64.rpm	ada5cb7c90c6349be0fef8e9c9fbf488b6c6e350c0c3f4ba154ab1fdcc22355c	-	ol8_x86_64_appstream
	tigervnc-server-minimal-1.13.1-8.el8.x86_64.rpm	0b5cc978a1287144ce6eb57b5d5dd8add7eee99b17b2b2491b18dfcab594d2d5	-	ol8_x86_64_appstream
	tigervnc-server-module-1.13.1-8.el8.x86_64.rpm	5ac19d942c560ddb55280782f2d528e8adf9b6853daa6f0700e1c8806586b0ed	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team