Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-492e92b32d 2026-04-25 01:42:21.312792+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 43 Version : 1.16.2 Release : 2.fc43 URL : https://www.tigervnc.com Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2026 Jan Grulich - 1.16.2-2 - Fixes CVEs: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-492e92b32d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix recent xorg-x11-server CVEs: Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f59b250c31 2025-12-03 01:05:22.296747+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 42 Version : 1.15.0 Release : 10.fc42 URL : http://www.tigervnc.com Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fix recent xorg-x11-server CVEs: Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 24 2025 Jan Grulich - 1.15.0-10 - Rebuild (xorg-x11-server) Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 * Tue Nov 11 2025 Cristian Le - 1.15.0-9 - Allow to build with CMake 4.0 (rhbz#2381485) * Wed Oct 15 2025 Dominik Mierzejewski - 1.15.0-8 - Rebuilt for FFmpeg 8 * Fri Jul 25 2025 Fedora Release Engineering - 1.15.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375539 - CVE-2025-49180 tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375539 [ 2 ] Bug #2375544 - CVE-2025-49179 tigervnc: Integer overflow in X Record extension [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2375544 [ 3 ] Bug #2375554 - CVE-2025-49176 tigervnc: Integer 
Overflow in Big Requests Extension [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375554 [ 4 ] Bug #2375557 - CVE-2025-49175 tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375557 [ 5 ] Bug #2375561 - CVE-2025-49177 tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375561 [ 6 ] Bug #2375564 - CVE-2025-49178 tigervnc: Unprocessed Client Request Due to Bytes to Ignore [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375564 [ 7 ] Bug #2407297 - CVE-2025-62231 tigervnc: Value overflow in XkbSetCompatMap() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407297 [ 8 ] Bug #2407299 - CVE-2025-62230 tigervnc: Use-after-free in Xkb client resource removal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407299 [ 9 ] Bug #2407304 - CVE-2025-62229 tigervnc: Use-after-free in XPresentNotify structure creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407304 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f59b250c31' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fix recent xorg-x11-server CVEs: Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e0c935675d 2025-12-03 00:52:00.122524+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 43 Version : 1.15.0 Release : 10.fc43 URL : http://www.tigervnc.com Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fix recent xorg-x11-server CVEs: Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 24 2025 Jan Grulich - 1.15.0-10 - Rebuild (xorg-x11-server) Fixes: CVE-2025-62229 CVE-2025-62230 CVE-2025-62231 * Tue Nov 11 2025 Cristian Le - 1.15.0-9 - Allow to build with CMake 4.0 (rhbz#2381485) * Wed Oct 15 2025 Dominik Mierzejewski - 1.15.0-8 - Rebuilt for FFmpeg 8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375539 - CVE-2025-49180 tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375539 [ 2 ] Bug #2375544 - CVE-2025-49179 tigervnc: Integer overflow in X Record extension [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2375544 [ 3 ] Bug #2375554 - CVE-2025-49176 tigervnc: Integer Overflow in Big Requests Extension [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2375554 [ 4 ] Bug #2375557 - 
CVE-2025-49175 tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375557 [ 5 ] Bug #2375561 - CVE-2025-49177 tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375561 [ 6 ] Bug #2375564 - CVE-2025-49178 tigervnc: Unprocessed Client Request Due to Bytes to Ignore [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2375564 [ 7 ] Bug #2407297 - CVE-2025-62231 tigervnc: Value overflow in XkbSetCompatMap() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407297 [ 8 ] Bug #2407299 - CVE-2025-62230 tigervnc: Use-after-free in Xkb client resource removal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407299 [ 9 ] Bug #2407304 - CVE-2025-62229 tigervnc: Use-after-free in XPresentNotify structure creation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2407304 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e0c935675d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
xorg-x11-server CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-984e1cee93 2025-06-28 01:13:17.787622+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 42 Version : 1.15.0 Release : 6.fc42 URL : https://tigervnc.org/ Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: xorg-x11-server CVE fix for CVE-2025-49175, CVE-2025-49176, CVE-2025-49177, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180 -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 23 2025 Jan Grulich - 1.15.0-6 - Rebuild (xorg-x11-server) Fixes: CVE-2025-49175 / CVE-2025-49176 / CVE-2025-49177 CVE-2025-49178 / CVE-2025-49179 / CVE-2025-49180 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-984e1cee93' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. 
More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fixes for xorg-x11-server CVEs. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-a87bc329fe 2025-03-13 01:47:29.556428+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 40 Version : 1.15.0 Release : 2.fc40 URL : https://tigervnc.org/ Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fixes for xorg-x11-server CVEs. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2025 Jan Grulich - 1.15.0-2 - Rebuild (xorg-x11-server) Fixes CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2349366 - CVE-2025-26598 tigervnc: Out-of-bounds write in CreatePointerBarrierClient() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349366 [ 2 ] Bug #2349369 - CVE-2025-26594 tigervnc: Use-after-free of the root cursor [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349369 [ 3 ] Bug #2349372 - CVE-2025-26596 tigervnc: Heap overflow in XkbWriteKeySyms() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349372 [ 4 ] Bug #2349375 - CVE-2025-26595 tigervnc: Buffer overflow in XkbVModMaskText() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349375 [ 5 ] Bug #2349378 - CVE-2025-26597 tigervnc: Buffer overflow in XkbChangeTypesOfKey() 
[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349378 [ 6 ] Bug #2349455 - CVE-2025-26599 tigervnc: Use of uninitialized pointer in compRedirectWindow() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349455 [ 7 ] Bug #2349460 - CVE-2025-26601 tigervnc: Use-after-free in SyncInitTrigger() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349460 [ 8 ] Bug #2349461 - CVE-2025-26600 tigervnc: Use-after-free in PlayReleasedEvents() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2349461 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-a87bc329fe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Fixes CVEs reported against Xserver. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-dbacf5d9f6 2023-11-13 01:29:00.044871 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 38 Version : 1.13.1 Release : 6.fc38 URL : https://tigervnc.org/ Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fixes CVEs reported against Xserver. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 2 2023 Jan Grulich - 1.13.1-6 - Fix CVE-2023-5380 and CVE-2023-5367 (rebuild with fixed Xorg) * Wed Oct 18 2023 Kalev Lember - 1.13.1-5 - Drop unrecognized configure options - Add buildrequires to get correct font and xkb directories from pkg-config - Re-enable server in flatpak builds and fix the build * Sat Jul 22 2023 Fedora Release Engineering - 1.13.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2247468 - CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247468 [ 2 ] Bug #2247469 - CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2247469 -------------------------------------------------------------------------------- This update can 
be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-dbacf5d9f6' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. ==================================================================== Red Hat Security Advisory Synopsis: Important: tigervnc security update Advisory ID: RHSA-2023:1599-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:1599 Issue date: 2023-04-04 CVE Names: CVE-2023-1393 ==================================================================== 1. Summary: An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): * xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (CVE-2023-1393) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. 
Bugs fixed (https://bugzilla.redhat.com/): 2180288 - CVE-2023-1393 xorg-x11-server: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability 6. Package List: Red Hat Enterprise Linux AppStream EUS (v.9.0): Source: tigervnc-1.11.0-22.el9_0.2.src.rpm aarch64: tigervnc-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-debuginfo-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-debugsource-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-debuginfo-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-minimal-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-module-1.11.0-22.el9_0.2.aarch64.rpm tigervnc-server-module-debuginfo-1.11.0-22.el9_0.2.aarch64.rpm noarch: tigervnc-icons-1.11.0-22.el9_0.2.noarch.rpm tigervnc-license-1.11.0-22.el9_0.2.noarch.rpm tigervnc-selinux-1.11.0-22.el9_0.2.noarch.rpm ppc64le: tigervnc-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-debuginfo-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-debugsource-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-debuginfo-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-minimal-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-module-1.11.0-22.el9_0.2.ppc64le.rpm tigervnc-server-module-debuginfo-1.11.0-22.el9_0.2.ppc64le.rpm s390x: tigervnc-1.11.0-22.el9_0.2.s390x.rpm tigervnc-debuginfo-1.11.0-22.el9_0.2.s390x.rpm tigervnc-debugsource-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-debuginfo-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-minimal-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-module-1.11.0-22.el9_0.2.s390x.rpm tigervnc-server-module-debuginfo-1.11.0-22.el9_0.2.s390x.rpm x86_64: tigervnc-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-debuginfo-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-debugsource-1.11.0-22.el9_0.2.x86_64.rpm 
tigervnc-server-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-server-debuginfo-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-server-minimal-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-server-module-1.11.0-22.el9_0.2.x86_64.rpm tigervnc-server-module-debuginfo-1.11.0-22.el9_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2023-1393 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -- RHSA-announce mailing list
Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:0622", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation (CVE-2023-0494)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2165995", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2165995", "description": ""}], "cves": [{"name": "CVE-2023-0494", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-0494", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}], "references": [], "publishedAt": "2023-02-16T06:36:03.545804Z", "rpms": {"Rocky Linux 9": {"nvras": ["tigervnc-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-0:1.12.0-5.el9_1.1.src.rpm", "tigervnc-debuginfo-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-debuginfo-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-debuginfo-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-debugsource-0:1.12.0-5.el9_1.1.aarch64.rpm", 
"tigervnc-debugsource-0:1.12.0-5.el9_1.1.ppc64le.rpm","tigervnc-debugsource-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-icons-0:1.12.0-5.el9_1.1.noarch.rpm", "tigervnc-license-0:1.12.0-5.el9_1.1.noarch.rpm", "tigervnc-selinux-0:1.12.0-5.el9_1.1.noarch.rpm", "tigervnc-server-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-server-debuginfo-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-debuginfo-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-debuginfo-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-server-minimal-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-minimal-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-minimal-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-server-minimal-debuginfo-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-minimal-debuginfo-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-minimal-debuginfo-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-server-module-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-module-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-module-0:1.12.0-5.el9_1.1.s390x.rpm", "tigervnc-server-module-debuginfo-0:1.12.0-5.el9_1.1.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.12.0-5.el9_1.1.ppc64le.rpm", "tigervnc-server-module-debuginfo-0:1.12.0-5.el9_1.1.s390x.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An urgent security notice for Rocky Linux concerning tigervnc, highlighting a significant risk of privilege escalation. TigerVNC Security, Rocky Linux Update, Privilege Escalation Risk. Severity: Important. LinuxSecurity.com Team