ALSA-2024:0557

[ALSA-2024:0557] Important: tigervnc security update

Type:

security

Severity:

important

Release date:

2024-01-31

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (CVE-2023-6816)
* xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access (CVE-2024-0229)
* xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent (CVE-2024-21885)
* xorg-x11-server: heap buffer overflow in DisableDevice (CVE-2024-21886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tigervnc-1.13.1-3.el9_3.6.alma.1.aarch64.rpm	41a1056ea4b27a05eea406dbe51fa4ded91cf8a4c8be1c2a2a471a54ad05182f
aarch64	tigervnc-server-1.13.1-3.el9_3.6.alma.1.aarch64.rpm	7db025f9a19a4b3f9faf4b63154b58c823dd177ec59a71eb6c8a242c278941e8
aarch64	tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.aarch64.rpm	ea549ec6b77c382a8f29177cfea3aeb9a1e3199bb80ad492c10b3d0e2bbc571c
aarch64	tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.aarch64.rpm	fd9e0e4168ad3f0fbdc9b7bc92c237fef1bf2d673b61878d5e41792ef756e15c
noarch	tigervnc-license-1.13.1-3.el9_3.6.alma.1.noarch.rpm	4c5f5ac26ea3fd5c86eb2a2ead5617a4c3afeab2d61239ba0e4144a6fc242cf9
noarch	tigervnc-icons-1.13.1-3.el9_3.6.alma.1.noarch.rpm	e1af8361e82b513ee2f2fbbbd88156a499467cba27ddc1423e92d94293cbe255
noarch	tigervnc-selinux-1.13.1-3.el9_3.6.alma.1.noarch.rpm	fec12fd04cc7d5cc50381ca18c190ad46a5cc938f296f16e3b6aa24d17e75b07
ppc64le	tigervnc-server-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm	79d02a1e21a26d2ac9b786d2303a40f1ec3f3dca8d3a47bbdad199c1f31198f0
ppc64le	tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm	cdab811582754693638dcb51362aa05c2b684e7f1254c80304066c8bf1e3c0a1
ppc64le	tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm	dfdc38ccdc06cf996a3265c1572bb8e9800ea0f9a373b40c8b1d78e4f27533b1
ppc64le	tigervnc-1.13.1-3.el9_3.6.alma.1.ppc64le.rpm	ecd79ed125a0a8f4525aa50ab5319f409047c4203c30c73bebb738b475af0736
s390x	tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.s390x.rpm	37a7e49a4ec628e53a1c6565a241f42b668dafa4a94e9eeb382feb9582902cfc
s390x	tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.s390x.rpm	38b9f15bd0dd8c2ccbffd78e6782f48955e1b677abd4631df54a3f579158d699
s390x	tigervnc-1.13.1-3.el9_3.6.alma.1.s390x.rpm	92ab66d538f7f9d3624d325038fcbc68517e1a50cd45dc7296732f4372e8bc26
s390x	tigervnc-server-1.13.1-3.el9_3.6.alma.1.s390x.rpm	b01643eeeba766695c35591505be40bcd0a16772baab2b4ed4712dc5b074035a
x86_64	tigervnc-1.13.1-3.el9_3.6.alma.1.x86_64.rpm	16cde6196c0123c6102b12dd140445a956efcbe52714d96519a35a54938e8130
x86_64	tigervnc-server-1.13.1-3.el9_3.6.alma.1.x86_64.rpm	512e928edcca8d3e3028aeaf75f74389c9d303ab4e796e3d0f03e6c7926942ef
x86_64	tigervnc-server-minimal-1.13.1-3.el9_3.6.alma.1.x86_64.rpm	592244a12046c8082930bb15fc3eb288a08d92e9c0ac9939bb8f9cbcd2cbfaa3
x86_64	tigervnc-server-module-1.13.1-3.el9_3.6.alma.1.x86_64.rpm	bdbe935bd5f004c2e161e50651be455fccb0a5eac8821331bb7f86a77b6b5e52

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.