ALSA-2024:0607

[ALSA-2024:0607] Important: tigervnc security update

Type:

security

Severity:

important

Release date:

2024-01-31

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tigervnc-server-1.13.1-2.el8_9.7.alma.1.aarch64.rpm	31c77b7c23eddb54076f2562ac1e3c55b66f1662240c63e742322771338a6cb0
aarch64	tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.aarch64.rpm	4bb8a9660f08de4339a934edbf8009c747515bf2cc1b4f6601a738e92fe0f91d
aarch64	tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.aarch64.rpm	8a27c5fc340b79f39003f93197271a7fedeef7ce97c39492ed8aa791aeefa31b
aarch64	tigervnc-1.13.1-2.el8_9.7.alma.1.aarch64.rpm	b958e79b8fe965e5a30177d83fea4b92cd6de4972cd19e0a338a0667755d3629
noarch	tigervnc-icons-1.13.1-2.el8_9.7.alma.1.noarch.rpm	690135ab868a3f2ec8c9779a5b3c12c453e96dc806febe6416dbeefc2d7120c1
noarch	tigervnc-license-1.13.1-2.el8_9.7.alma.1.noarch.rpm	8bff591ce0c81224114bbf3bbbad1bb8064af6afabfaf3bad3c7e7dd1b40ab76
noarch	tigervnc-selinux-1.13.1-2.el8_9.7.alma.1.noarch.rpm	aadc517b4dd07c9e83ab5d3db642178b0041b682a19db2fac97a43a383fe2b64
ppc64le	tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm	324b6443f79321181c49dfde46649fa51e7506a9f527796f18ba8664eb4e3aba
ppc64le	tigervnc-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm	909ff1104bdd8faf529d500d9b1ac5e1828812ab2541b64f330594f5bcc14614
ppc64le	tigervnc-server-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm	996b2ed9ffaaab3cacbb64d3b6c405d675ebd3681de3d84956305d775daf9b56
ppc64le	tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.ppc64le.rpm	a7cd4b65bb0ed5e13210e7156c0e622c94fa58965d3efb7b21f86edc760f5ae9
s390x	tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.s390x.rpm	27bcff896d7a5ed1c9098d86b4a66cdfb511f0e4f0e03f8eb3a2f87911065134
s390x	tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.s390x.rpm	447164193aa0b1ff98c32e62b804ab2a7e498df259c6761b3d0f72e0da225779
s390x	tigervnc-server-1.13.1-2.el8_9.7.alma.1.s390x.rpm	49a80d15b0f7cdd36bf8c4c2f6d01b01e142190b9fa8c91f9a2556b804ac837c
s390x	tigervnc-1.13.1-2.el8_9.7.alma.1.s390x.rpm	7daaf6efc093341c70768e61361f56250eb73b9d5d08c29253243eaf24788126
x86_64	tigervnc-server-minimal-1.13.1-2.el8_9.7.alma.1.x86_64.rpm	25ce53490f34a67d6f8dbdbf5a7e80cce24ee41ea0f605c34de84b936bf43676
x86_64	tigervnc-1.13.1-2.el8_9.7.alma.1.x86_64.rpm	56026b8dd619cc84ed9d31d462ac41c7ab9ac32091b726b2eea9104be966a7c7
x86_64	tigervnc-server-1.13.1-2.el8_9.7.alma.1.x86_64.rpm	86b8f8bc208c95ceff1d53dd95e3e4c8709fda53d987e59037292eace56c5b03
x86_64	tigervnc-server-module-1.13.1-2.el8_9.7.alma.1.x86_64.rpm	f0d3c49494fe5094581c0e1a78d56b5cd9dfcee56447d9e5ae4d340eada510d0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.