{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:0662","synopsis":"Important: tigervnc security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for tigervnc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2165995","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2165995","description":""}],"cves":[{"name":"CVE-2023-0494","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-0494","cvss3ScoringVector":"CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","cvss3BaseScore":"7.8","cwe":"CWE-416"}],"references":[],"publishedAt":"2023-02-16T06:35:13.579580Z","rpms":{"Rocky Linux 8":{"nvras":["tigervnc-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-0:1.12.0-9.el8_7.1.src.rpm","tigervnc-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-debugsource-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-debugsource-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-icons-0:1.12.0-9.el8_7.1.noarch.rpm","tigervnc-license-0:1.12.0-9.el8_7.1.noarch.rpm","tigervnc-selinux-0:1.12.0-9.el8_7.1.noarch.rpm","tigervnc-server-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-server-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-server-minimal-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-minimal-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-server-minimal-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-minimal-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-server-module-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-module-0:1.12.0-9.el8_7.1.x86_64.rpm","tigervnc-server-module-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm","tigervnc-server-module-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}
Rocky Linux: RLSA-2023:0662 tigervnc security update
February 16, 2023
An update is available for tigervnc.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Summary
An update is available for tigervnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
tigervnc-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-0:1.12.0-9.el8_7.1.src.rpm
tigervnc-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-debugsource-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-debugsource-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-icons-0:1.12.0-9.el8_7.1.noarch.rpm
tigervnc-license-0:1.12.0-9.el8_7.1.noarch.rpm
tigervnc-selinux-0:1.12.0-9.el8_7.1.noarch.rpm
tigervnc-server-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-server-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-server-minimal-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-minimal-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-server-minimal-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-minimal-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-server-module-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-module-0:1.12.0-9.el8_7.1.x86_64.rpm
tigervnc-server-module-debuginfo-0:1.12.0-9.el8_7.1.aarch64.rpm
tigervnc-server-module-debuginfo-0:1.12.0-9.el8_7.1.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494
Severity
Name: RLSA-2023:0662
Affected Products: Rocky Linux 8
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2165995
News
HOWTOs
Features
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
About Us
Powered By
