[El-errata] ELSA-2024-10090 Important: Oracle Linux 9 tigervnc security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Nov 21 14:43:03 UTC 2024


Oracle Linux Security Advisory ELSA-2024-10090

http://linux.oracle.com/errata/ELSA-2024-10090.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tigervnc-1.14.1-1.el9_5.x86_64.rpm
tigervnc-icons-1.14.1-1.el9_5.noarch.rpm
tigervnc-license-1.14.1-1.el9_5.noarch.rpm
tigervnc-selinux-1.14.1-1.el9_5.noarch.rpm
tigervnc-server-1.14.1-1.el9_5.x86_64.rpm
tigervnc-server-minimal-1.14.1-1.el9_5.x86_64.rpm
tigervnc-server-module-1.14.1-1.el9_5.x86_64.rpm

aarch64:
tigervnc-1.14.1-1.el9_5.aarch64.rpm
tigervnc-icons-1.14.1-1.el9_5.noarch.rpm
tigervnc-license-1.14.1-1.el9_5.noarch.rpm
tigervnc-selinux-1.14.1-1.el9_5.noarch.rpm
tigervnc-server-1.14.1-1.el9_5.aarch64.rpm
tigervnc-server-minimal-1.14.1-1.el9_5.aarch64.rpm
tigervnc-server-module-1.14.1-1.el9_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//tigervnc-1.14.1-1.el9_5.src.rpm

Related CVEs:

CVE-2024-9632
Description of changes:

[1.14.1-1]
- 1.14.1
  Resolves: RHEL-66600
- Fix CVE-2024-9632: xorg-x11-server: heap-based buffer overflow privilege escalation vulnerability
  Resolves: RHEL-62000

[1.13.1-11]
- vncsession: use /bin/sh if the user shell is not set
  Resolves: RHEL-50679

[1.13.1-10]
- vncconfig: add option to force view-only remote client connections
  Resolves: RHEL-12144

[1.13.1-9]
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
  Resolves: RHEL-30756
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
  Resolves: RHEL-30768
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
  Resolves: RHEL-30762

[1.13.1-8]
- Fix copy/paste error in the DeviceStateNotify
  Resolves: RHEL-20533

[1.13.1-7]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
  Resolves: RHEL-20389
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
  Resolves: RHEL-20383
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
  Resolves: RHEL-20533
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
  Resolves: RHEL-21213

[1.13.1-6]
- Use dup() to get available file descriptor when using -inetd option
  Resolves: RHEL-19858

[1.13.1-5]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
  Resolves: RHEL-18414
- Fix CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
  Resolves: RHEL-18426

[1.13.1-4]
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
  Resolves: RHEL-15237
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
  Resolves: RHEL-15249

[1.13.1-3]
- Support username alias in PlainUsers
  Resolves: RHEL-8430

[1.13.1-2]
- xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability
  Resolves: bz#2180310

[1.13.1-1]
- 1.13.1
  Resolves: bz#2175732

[1.12.0-12]
- SELinux: allow vncsession create .vnc directory
  Resolves: bz#2164703

[1.12.0-11]
- Add sanity check when cleaning up keymap changes
  Resolves: bz#2169965

[1.12.0-10]
- xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation
  Resolves: bz#2167061

[1.12.0-9]
- Rebuild for xorg-x11-server CVE-2022-46340 follow up fix

[1.12.0-8]
- Rebuild for xorg-x11-server CVEs
  Resolves: CVE-2022-4283 (bz#2154234)
  Resolves: CVE-2022-46340 (bz#2154221)
  Resolves: CVE-2022-46341 (bz#2154224)
  Resolves: CVE-2022-46342 (bz#2154226)
  Resolves: CVE-2022-46343 (bz#2154228)
  Resolves: CVE-2022-46344 (bz#2154230)

[1.12.0-7]
- x0vncserver: add new keysym in case we don't find matching keycode
  + actually apply the patch
  Resolves: bz#2119017

[1.12.0-6]
- x0vncserver: add new keysym in case we don't find matching keycode
  Resolves: bz#2119017