Red Hat Product Errata RHSA-2024:2042 - Security Advisory
Issued:
2024-04-24
Updated:
2024-04-24

RHSA-2024:2042 - Security Advisory

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents (CVE-2024-31080)
  • xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice (CVE-2024-31081)
  • xorg-x11-server: User-after-free in ProcRenderAddGlyphs (CVE-2024-31083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2271997 - CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
  • BZ - 2271998 - CVE-2024-31081 xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
  • BZ - 2272000 - CVE-2024-31083 xorg-x11-server: User-after-free in ProcRenderAddGlyphs

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
tigervnc-1.11.0-8.el8_4.10.src.rpm SHA-256: 32318606566cf5a6cba8dabc70d303e0fb067f0d9b55032d384dfd8cee50e052
x86_64
tigervnc-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 56d2fac386ac19c55f3accd13402fee30782863942ff8db97361b201e4c12d15
tigervnc-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 6abfc3709996c1cb59036b9ddcc079177b7ca8a0a5c36b59a8e7d0bd8f4c848b
tigervnc-debugsource-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e2476087fc0460a290e280169abcaf22f61a0c72e21a52815af421ee233cc84a
tigervnc-icons-1.11.0-8.el8_4.10.noarch.rpm SHA-256: ebb15f9bba1cf15c26170b9c971d26b5b05cee070d9d2523d786b01c8b51976c
tigervnc-license-1.11.0-8.el8_4.10.noarch.rpm SHA-256: 5306ac8fb136aaf05e32e629f75b8220a56cfc91d341e767767bb71a4bda2f01
tigervnc-selinux-1.11.0-8.el8_4.10.noarch.rpm SHA-256: d2ba60dde3371019212402e95dfe45cb2358add12471613c125ca8d4e4cecb42
tigervnc-server-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 97ee16572542904246280dc829bd36e7b7a155f23be790a4a35c9afb4b7053a1
tigervnc-server-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e363e6d6c961ffb6086117a9b3fbcbc45621c73dddee74a48be3f3b60a0950a5
tigervnc-server-minimal-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: be67fb33523fd439289030a20e85379331195ff8a38aedfcb1c74941c0af2a51
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: c33615240242fec9600fee83ae2932f1d94949161796700a6ac68bf431b15e63
tigervnc-server-module-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 64981e307146387fb145045c5498879a7f205062cb11007845116b4a88a5f022
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: b8d2cea780f9d50d7be99c31ccf9f49abda35bc8e2eaca8e10a7094afc8493a5

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
tigervnc-1.11.0-8.el8_4.10.src.rpm SHA-256: 32318606566cf5a6cba8dabc70d303e0fb067f0d9b55032d384dfd8cee50e052
x86_64
tigervnc-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 56d2fac386ac19c55f3accd13402fee30782863942ff8db97361b201e4c12d15
tigervnc-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 6abfc3709996c1cb59036b9ddcc079177b7ca8a0a5c36b59a8e7d0bd8f4c848b
tigervnc-debugsource-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e2476087fc0460a290e280169abcaf22f61a0c72e21a52815af421ee233cc84a
tigervnc-icons-1.11.0-8.el8_4.10.noarch.rpm SHA-256: ebb15f9bba1cf15c26170b9c971d26b5b05cee070d9d2523d786b01c8b51976c
tigervnc-license-1.11.0-8.el8_4.10.noarch.rpm SHA-256: 5306ac8fb136aaf05e32e629f75b8220a56cfc91d341e767767bb71a4bda2f01
tigervnc-selinux-1.11.0-8.el8_4.10.noarch.rpm SHA-256: d2ba60dde3371019212402e95dfe45cb2358add12471613c125ca8d4e4cecb42
tigervnc-server-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 97ee16572542904246280dc829bd36e7b7a155f23be790a4a35c9afb4b7053a1
tigervnc-server-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e363e6d6c961ffb6086117a9b3fbcbc45621c73dddee74a48be3f3b60a0950a5
tigervnc-server-minimal-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: be67fb33523fd439289030a20e85379331195ff8a38aedfcb1c74941c0af2a51
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: c33615240242fec9600fee83ae2932f1d94949161796700a6ac68bf431b15e63
tigervnc-server-module-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 64981e307146387fb145045c5498879a7f205062cb11007845116b4a88a5f022
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: b8d2cea780f9d50d7be99c31ccf9f49abda35bc8e2eaca8e10a7094afc8493a5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
tigervnc-1.11.0-8.el8_4.10.src.rpm SHA-256: 32318606566cf5a6cba8dabc70d303e0fb067f0d9b55032d384dfd8cee50e052
ppc64le
tigervnc-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 348b9860d9e4467134225d7a044ab9ce7420e7bc8ae8301c7c9e2673fd586189
tigervnc-debuginfo-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: f75cecb95a5eb5fa64c7fcaa2995899a1852bcc10f9316ed5de4b27730803a26
tigervnc-debugsource-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 10d6669bd49460b76187650b8d2ee05323470f7c4da3b495aee4ffb37874d4f7
tigervnc-icons-1.11.0-8.el8_4.10.noarch.rpm SHA-256: ebb15f9bba1cf15c26170b9c971d26b5b05cee070d9d2523d786b01c8b51976c
tigervnc-license-1.11.0-8.el8_4.10.noarch.rpm SHA-256: 5306ac8fb136aaf05e32e629f75b8220a56cfc91d341e767767bb71a4bda2f01
tigervnc-selinux-1.11.0-8.el8_4.10.noarch.rpm SHA-256: d2ba60dde3371019212402e95dfe45cb2358add12471613c125ca8d4e4cecb42
tigervnc-server-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 81a0ea9f40e7ce3aa3c1e5f6b2186c949b34e1714990cbb4ea37606278d3d5ee
tigervnc-server-debuginfo-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 123d8ea5c53dd032189973a555055cfd74a5a00c1b2b9a84a852ba53bdea1bca
tigervnc-server-minimal-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 9e0c154882b82ca6d06eb0803aad5a508cd4e10f6de4c24ac1bd807818a8c9b4
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: da7bd7fc05373d1ee60a39729f5f93cac70c673f98f95b8dad2faabf10771c74
tigervnc-server-module-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 9db5b7a99889c186075e553cf934b8fbc285858505d9a8364856169e9faff2d5
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.10.ppc64le.rpm SHA-256: 21dc44fc94c3425cba48eaac15efa86bad573f079b9870548464c63ca8c302da

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
tigervnc-1.11.0-8.el8_4.10.src.rpm SHA-256: 32318606566cf5a6cba8dabc70d303e0fb067f0d9b55032d384dfd8cee50e052
x86_64
tigervnc-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 56d2fac386ac19c55f3accd13402fee30782863942ff8db97361b201e4c12d15
tigervnc-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 6abfc3709996c1cb59036b9ddcc079177b7ca8a0a5c36b59a8e7d0bd8f4c848b
tigervnc-debugsource-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e2476087fc0460a290e280169abcaf22f61a0c72e21a52815af421ee233cc84a
tigervnc-icons-1.11.0-8.el8_4.10.noarch.rpm SHA-256: ebb15f9bba1cf15c26170b9c971d26b5b05cee070d9d2523d786b01c8b51976c
tigervnc-license-1.11.0-8.el8_4.10.noarch.rpm SHA-256: 5306ac8fb136aaf05e32e629f75b8220a56cfc91d341e767767bb71a4bda2f01
tigervnc-selinux-1.11.0-8.el8_4.10.noarch.rpm SHA-256: d2ba60dde3371019212402e95dfe45cb2358add12471613c125ca8d4e4cecb42
tigervnc-server-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 97ee16572542904246280dc829bd36e7b7a155f23be790a4a35c9afb4b7053a1
tigervnc-server-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: e363e6d6c961ffb6086117a9b3fbcbc45621c73dddee74a48be3f3b60a0950a5
tigervnc-server-minimal-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: be67fb33523fd439289030a20e85379331195ff8a38aedfcb1c74941c0af2a51
tigervnc-server-minimal-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: c33615240242fec9600fee83ae2932f1d94949161796700a6ac68bf431b15e63
tigervnc-server-module-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: 64981e307146387fb145045c5498879a7f205062cb11007845116b4a88a5f022
tigervnc-server-module-debuginfo-1.11.0-8.el8_4.10.x86_64.rpm SHA-256: b8d2cea780f9d50d7be99c31ccf9f49abda35bc8e2eaca8e10a7094afc8493a5

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.