Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow

Resolves: RHEL-15237

Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249
This commit is contained in:
Jan Grulich 2023-11-01 15:14:21 +01:00
parent ebd2a0d7a1
commit 71f9cb9382

View File

@ -5,7 +5,7 @@
Name: tigervnc
Version: 1.13.1
Release: 3%{?dist}
Release: 4%{?dist}
Summary: A TigerVNC remote display system
%global _hardened_build 1
@ -367,9 +367,16 @@ fi
%files selinux
%{_datadir}/selinux/packages/%{selinuxtype}/%{modulename}.pp.*
%ghost %verify(not md5 size mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename}
%changelog
* Wed Nov 01 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-4
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15237
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15249
* Mon Oct 09 2023 Jan Grulich <jgrulich@redhat.com> - 1.13.1-3
- Support username alias in PlainUsers
Resolves: RHEL-8430