
RLSA-2024:0607

Security

Mirrored from RHSA-2024:0607
Issued at: 2024-02-12
Updated at: 2024-02-12

Synopsis

Important: tigervnc security update



Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)

* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)

* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)

* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64

Fixes

2256540 2256542 2256690 2257691

CVEs

CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886

Affected packages

Rocky Linux 8 aarch64 - AppStream

* tigervnc-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-0:1.13.1-2.el8_9.7.src.rpm
* tigervnc-debuginfo-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-debugsource-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-icons-0:1.13.1-2.el8_9.7.noarch.rpm
* tigervnc-license-0:1.13.1-2.el8_9.7.noarch.rpm
* tigervnc-selinux-0:1.13.1-2.el8_9.7.noarch.rpm
* tigervnc-server-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-server-debuginfo-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-server-minimal-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-server-minimal-debuginfo-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-server-module-0:1.13.1-2.el8_9.7.aarch64.rpm
* tigervnc-server-module-debuginfo-0:1.13.1-2.el8_9.7.aarch64.rpm