rpms/tigervnc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice

Browse Source 
Resolves: RHEL-20388

Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20382

Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20530

Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21214
This commit is contained in:
Jan Grulich 2024-01-22 09:58:22 +01:00
parent c32f5f2f67
commit 17a271c1e7
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tigervnc-dont-get-pointer-position-for-floating-device.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/unix/xserver/hw/vnc/vncInput.c b/unix/xserver/hw/vnc/vncInput.c
index b3d0926d..d36a096f 100644
--- a/unix/xserver/hw/vnc/vncInput.c
+++ b/unix/xserver/hw/vnc/vncInput.c
@@ -167,7 +167,7 @@ void vncPointerMove(int x, int y)
void vncGetPointerPos(int *x, int *y)
{
- if (vncPointerDev != NULL) {
+ if (vncPointerDev != NULL && !IsFloating(vncPointerDev)) {
ScreenPtr ptrScreen;
miPointerGetPosition(vncPointerDev, &cursorPosX, &cursorPosY);

18
tigervnc.spec
View File

@ -5,7 +5,7 @@
Name: tigervnc Name: tigervnc
Version: 1.13.1 Version: 1.13.1
Release: 6%{?dist} Release: 7%{?dist}
Summary: A TigerVNC remote display system Summary: A TigerVNC remote display system
%global _hardened_build 1 %global _hardened_build 1
@ -30,6 +30,9 @@ Patch3: tigervnc-dont-install-appstream-metadata-file.patch
Patch50: tigervnc-support-username-alias-in-plainusers.patch Patch50: tigervnc-support-username-alias-in-plainusers.patch
Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch Patch51: tigervnc-use-dup-to-get-available-fd-for-inetd.patch
# Upstreamable patches
Patch80: tigervnc-dont-get-pointer-position-for-floating-device.patch
# This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg # This is tigervnc-%%{version}/unix/xserver116.patch rebased on the latest xorg
Patch100: tigervnc-xserver120.patch Patch100: tigervnc-xserver120.patch
# 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start # 1326867 - [RHEL7.3] GLX applications in an Xvnc session fails to start
@ -193,6 +196,9 @@ popd
%patch50 -p1 -b .support-username-alias-in-plainusers %patch50 -p1 -b .support-username-alias-in-plainusers
%patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd %patch51 -p1 -b .use-dup-to-get-available-fd-for-inetd
# Upstreamable patches
%patch80 -p1 -b .dont-get-pointer-position-for-floating-device
%build %build
%ifarch sparcv9 sparc64 s390 s390x %ifarch sparcv9 sparc64 s390 s390x
export CFLAGS="$RPM_OPT_FLAGS -fPIC" export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@ -346,6 +352,16 @@ fi
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog %changelog
* Mon Jan 22 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-7
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20388
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20382
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20530
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21214
* Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6 * Mon Jan 08 2024 Jan Grulich <jgrulich@redhat.com> - 1.13.1-6
- Use dup() to get available file descriptor when using -inetd option - Use dup() to get available file descriptor when using -inetd option
Resolves: RHEL-21000 Resolves: RHEL-21000