Bug 32513

No registered maintainer, assigning to all

CC: (none) => marja11
Assignee: bugsquad => pkg-bugs

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

OOB write in XIChangeDeviceProperty/RRChangeOutputProperty. (CVE-2023-5367)

Use-after-free bug in DestroyWindow. (CVE-2023-5380)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5380
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/
https://bugs.mageia.org/show_bug.cgi?id=32453
========================

Updated packages in 9/core/updates_testing:
========================
tigervnc-1.13.1-2.1.mga9
tigervnc-java-1.13.1-2.1.mga9
tigervnc-server-1.13.1-2.1.mga9
tigervnc-server-module-1.13.1-2.1.mga9

from SRPM:
tigervnc-1.13.1-2.1.mga9.src.rpm

Updated packages in 8/core/updates_testing:
========================
tigervnc-1.11.0-4.4.mga8
tigervnc-java-1.11.0-4.4.mga8
tigervnc-server-1.11.0-4.4.mga8
tigervnc-server-module-1.11.0-4.4.mga8

from SRPM:
tigervnc-1.11.0-4.4.mga8.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 9
Whiteboard: MGA9TOO, MGA8TOO => MGA8TOO
Assignee: pkg-bugs => qa-bugs

Advisory from comment 2 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"

MGA8-64 Xfce on Acer Aspire 5253
No installation issues.
Following lead on bug 31386 Comment 3 and mudling thru the HOWTO file, apply the settings explained there, I got 
# systemctl restart vncserver@:1
# systemctl -l status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2023-11-16 11:49:58 CET; 5s ago
    Process: 2769 ExecStart=/usr/libexec/vncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 2776 (vncsession)
      Tasks: 1 (limit: 4364)
     Memory: 500.0K
        CPU: 51ms
     CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
             ‣ 2776 /usr/sbin/vncsession tester8vnc :1

Nov 16 11:49:57 mach7.hviaene.thuis systemd[1]: Starting Remote desktop service (VNC)...
Nov 16 11:49:58 mach7.hviaene.thuis systemd[1]: Started Remote desktop service (VNC).
And then from the desktop PC I could connect to this laptop with remmina, choosing the vnc option and adressing mach7:1.
That opened as specified in the vnc-settings , a MATE session on this laptop.
Good to go.

Whiteboard: MGA8TOO => MGA8TOO MGA8-64-OK
CC: (none) => herman.viaene

Installed and tested without issues.

Tested the vncserver by starting the systemd service.
Tested clients vncclient, VncViewer.jar and KRDC.
Tested through a ssh tunnel.


System server: Mageia 8, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.
System client: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics.

##### ON THE SERVER #####

# uname -a
Linux marte 6.1.45-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Fri Aug 11 22:01:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
# rpm -qa | grep tigervnc | sort -u
tigervnc-1.11.0-4.4.mga8
tigervnc-java-1.11.0-4.4.mga8
tigervnc-server-1.11.0-4.4.mga8
tigervnc-server-module-1.11.0-4.4.mga8
# systemctl status vncserver@\:1.service 
● vncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; vendor preset: disabled)
     Active: active (running) since Thu 2023-11-16 17:14:31 WET; 1s ago
    Process: 2308777 ExecStart=/usr/libexec/vncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 2308783 (vncsession)
      Tasks: 1 (limit: 19046)
     Memory: 440.0K
        CPU: 8ms
     CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
             ‣ 2308783 /usr/sbin/vncsession pclx :1

nov 16 17:14:31 marte systemd[1]: Starting Remote desktop service (VNC)...
nov 16 17:14:31 marte systemd[1]: Started Remote desktop service (VNC).


##### On THE CLIENT #####

$ uname -a
Linux jupiter 6.1.45-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Fri Aug 11 22:01:56 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -qa | grep tigervnc | sort
tigervnc-1.11.0-4.3.mga8
tigervnc-java-1.11.0-4.3.mga8
$ vncviewer -geometry 1920x1080 localhost:1

Visualizador TigerVNC 64 bits v1.11.0
Compilado em: 2023-04-05 07:43
Copyright (C) 1999-2020 Equipe TigerVNC e muitos outros (veja README.rst)
Veja https://www.tigervnc.org para informação sobre o TigerVNC.

Thu Nov 16 17:13:07 2023
 DecodeManager: Detected 12 CPU core(s)
 DecodeManager: Creating 4 decoder thread(s)
 CConn:       Conectado ao host localhost porta 5901
 CConnection: Server supports RFB protocol version 3.8
 CConnection: Using RFB protocol version 3.8
 CConnection: Choosing security type VeNCrypt(19)
 CVeNCrypt:   Choosing security type TLSVnc (258)

Thu Nov 16 17:13:11 2023
 DesktopWindow: Ajustando tamanho de janela para evitar solicitação de tela
              cheia acidental
 CConn:       Usando formato de pixel depth 24 (32bpp) little-endian rgb888
 CConnection: Enabling continuous updates
$ java -jar /usr/share/java/VncViewer.jar

TigerVNC Java Viewer v1.11.0 (20230405)
Built on 2023-04-05 at 07:46:25
Copyright (C) 1999-2020 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.
DecodeManager: Detected 12 CPU core(s)
DecodeManager: Creating 4 decoder thread(s)
CConn: connected to host localhost port 5901
CConnection: Server supports RFB protocol version 3.8
CConnection: Using RFB protocol version 3.8
CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
CConnection: Enabling continuous updates

MGA9-64 Xfce on Acer Aspire 5253
No installation issues.
Copied changes in /etc/tigervnc and created user to connect with
# systemctl restart vncserver@:1
[root@mach7 ~]# systemctl -l status vncserver@:1
● vncserver@:1.service - Remote desktop service (VNC)
     Loaded: loaded (/usr/lib/systemd/system/vncserver@.service; disabled; preset: disabled)
     Active: active (running) since Fri 2023-11-17 10:28:10 CET; 3s ago
    Process: 22437 ExecStart=/usr/libexec/vncsession-start :1 (code=exited, status=0/SUCCESS)
   Main PID: 22444 (vncsession)
      Tasks: 0 (limit: 4317)
     Memory: 444.0K
        CPU: 108ms
     CGroup: /system.slice/system-vncserver.slice/vncserver@:1.service
             ‣ 22444 /usr/sbin/vncsession tester9vnc :1

Nov 17 10:28:08 mach7.hviaene.thuis systemd[1]: Starting vncserver@:1.service...
Nov 17 10:28:10 mach7.hviaene.thuis systemd[1]: Started vncserver@:1.service.
Connected form desktop PC with remmina, from own laptop with tigervnc viewer and VncViewer.jar. 
$ java -jar ./VncViewer.jar
Nov 17, 2023 10:41:08 AM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.

TigerVNC Java Viewer v1.13.1 (20231114)
Built on 2023-11-14 at 09:25:46
Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst)
See https://www.tigervnc.org for information on TigerVNC.
DecodeManager: Detected 2 CPU core(s)
DecodeManager: Creating 2 decoder thread(s)
CConn: connected to host mach7 port 5901
CConnection: Server supports RFB protocol version 3.8
CConnection: Using RFB protocol version 3.8
CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
CConnection: Enabling continuous updates

All worked OK.

Whiteboard: MGA8TOO MGA8-64-OK => MGA8TOO MGA8-64-OK MGA9-64-OK

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0321.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED