Updated tigervnc packages fix security vulnerabilities
Publication date: 20 Nov 2023Modification date: 20 Nov 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-5367 , CVE-2023-5380
Description
The updated packages fix security vulnerabilities:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
(CVE-2023-5367)
Use-after-free bug in DestroyWindow. (CVE-2023-5380)
References
- https://bugs.mageia.org/show_bug.cgi?id=32513
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
- https://bugs.mageia.org/show_bug.cgi?id=32453
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5367
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5380
SRPMS
8/core
- tigervnc-1.11.0-4.4.mga8
9/core
- tigervnc-1.13.1-2.1.mga9