Those CVEs were announced here: https://www.openwall.com/lists/oss-security/2024/01/18/1 Mageia 9 is also affected.
Source RPM: (none) => x11-server, x11-server-xwayland, tigervncWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409
The announcement makes no mention of tigervnc nor tiger nor vnc, so eliminating that from the original bug title & SRPMs. It starts "Issues in X.Org X server prior to 21.1.11 and Xwayland prior to 23.2.4" and "Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.11 and xwayland-23.2.4." and includes "CVE-2023-6816: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Introduced in: xorg-server-1.13.0 (2012) Fixed in: xorg-server-21.1.11 and xwayland-23.2.4" and "CVE-2024-0409: SELinux context corruption Introduced in: xorg-server-1.16.0 (2014) Fixed in: xorg-server-21.1.11 and xwayland-23.2.4" ns80 (who raised this bug, so should see this comment) is the most recent packager to deal with these SRPMs, so would normally assign to him; also tv, CC'ing him. Assigning globally by default.
Assignee: bugsquad => pkg-bugsStatus comment: (none) => Fixed in: xorg-server-21.1.11 and xwayland-23.2.4Source RPM: x11-server, x11-server-xwayland, tigervnc => x11-server, x11-server-xwaylandCC: (none) => thierry.vignaudSummary: x11-server, x11-server-xwayland and tigervnc new security issues CVE-2023-6816, CVE-2024-0229, CVE-2024-2188[56] and CVE-2024-040[89] => x11-server, x11-server-xwayland new security issues CVE-2023-6816, CVE-2024-0229, CVE-2024-2188[56] and CVE-2024-040[89]
Tigervnc needs to be rebuilt pretty much any time the x11-server source is changed.
Slackware has issued an advisory for those CVEs in tigervnc: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.374309
Summary: x11-server, x11-server-xwayland new security issues CVE-2023-6816, CVE-2024-0229, CVE-2024-2188[56] and CVE-2024-040[89] => x11-server, x11-server-xwayland and tigervnc new security issues CVE-2023-6816, CVE-2024-0229, CVE-2024-2188[56] and CVE-2024-040[89]Source RPM: x11-server, x11-server-xwayland => x11-server, x11-server-xwayland, tigervnc
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer. (CVE-2023-6816) Reattaching to different master device may lead to out-of-bounds memory access. (CVE-2024-0229) Heap buffer overflow in XISendDeviceHierarchyEvent. (CVE-2024-21885) Heap buffer overflow in DisableDevice. (CVE-2024-21886) SELinux unlabeled GLX PBuffer. (CVE-2024-0408) SELinux context corruption. (CVE-2024-0409) References: https://www.openwall.com/lists/oss-security/2024/01/18/1 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.374309 ======================== Updated packages in core/updates_testing: ======================== x11-server-21.1.8-7.3.mga9 x11-server-common-21.1.8-7.3.mga9 x11-server-devel-21.1.8-7.3.mga9 x11-server-source-21.1.8-7.3.mga9 x11-server-xephyr-21.1.8-7.3.mga9 x11-server-xnest-21.1.8-7.3.mga9 x11-server-xorg-21.1.8-7.3.mga9 x11-server-xvfb-21.1.8-7.3.mga9 x11-server-xwayland-22.1.9-1.3.mga9 x11-server-xwayland-devel-22.1.9-1.3.mga9 tigervnc-1.13.1-2.3.mga9 tigervnc-java-1.13.1-2.3.mga9 tigervnc-server-1.13.1-2.3.mga9 tigervnc-server-module-1.13.1-2.3.mga9 from SRPMS: x11-server-21.1.8-7.3.mga9.src.rpm x11-server-xwayland-22.1.9-1.3.mga9.src.rpm tigervnc-1.13.1-2.3.mga9.src.rpm
Version: Cauldron => 9Whiteboard: MGA9TOO => (none)Status: NEW => ASSIGNEDStatus comment: Fixed in: xorg-server-21.1.11 and xwayland-23.2.4 => (none)Assignee: pkg-bugs => qa-bugs
CC: (none) => mageia
mga9-64 OK here Updated installed packages to - x11-server-common-21.1.8-7.3.mga9.x86_64 - x11-server-xephyr-21.1.8-7.3.mga9.x86_64 - x11-server-xorg-21.1.8-7.3.mga9.x86_64 - x11-server-xwayland-22.1.9-1.3.mga9.x86_64 Using kernel-linus-6.5.13-2.mga9.x86_64, and mesa and nvidia-newfeature testing updates. OK: Plasma X11, various desktop apps, video, MSW7 guest in VirtualBox 7.0.14. I will during some days test with other nvidia driver flavours and upcoming kernel 6.6.x, report back any problem if I find it related. $ inxi -G Graphics: Device-1: NVIDIA GM107 [GeForce GTX 750] driver: nvidia v: 545.29.06 Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X: loaded: modesetting,nvidia,v4l gpu: nvidia resolution: 3840x2160~60Hz API: OpenGL v: 4.6.0 NVIDIA 545.29.06 renderer: NVIDIA GeForce GTX 750/PCIe/SSE2
CC: (none) => fri
Real hardware mageia 9 x86_64 Packages installed x11-server-common-21.1.8-7.3.mga9.x86_64.rpm x11-server-xwayland-22.1.9-1.3.mga9.x86_64.rpm x11-server-xorg-21.1.8-7.3.mga9.x86_64.rpm Tested lxqt session OK Tested Plasma wayland OK
mga9-64 OK on Dell precision M6300 also in use: new mesa Bug 32759, and kernels desktop-6.6.14-1 and linus-6.6.14-1 Bug 32786 Plasma X11, Firefox video, suspend-resume $ inxi -G Graphics: Device-1: NVIDIA G84GLM [Quadro FX 1600M] driver: nouveau v: kernel Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X: loaded: modesetting,v4l dri: nouveau gpu: nouveau resolution: 1920x1200~60Hz API: OpenGL v: 3.3 Mesa 23.3.3 renderer: NV84
mga9-64 OK on Acer Aspire7 Also in use: new mesa, Bug 32759, and kernel desktop-6.6.14-1 Bug 32786 Plasma X11, Firefox video, suspend-resume, hibernate-resume $ inxi -G Graphics: Device-1: Intel HD Graphics 630 driver: i915 v: kernel Device-2: NVIDIA GP107M [GeForce GTX 1050 Mobile] driver: nouveau v: kernel Device-3: Chicony Integrated HD WebCam type: USB driver: uvcvideo Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X: loaded: intel,v4l dri: i965 gpu: i915 resolution: 1920x1080~60Hz API: OpenGL v: 4.6 Mesa 23.3.3 renderer: Mesa Intel HD Graphics 630 (KBL GT2)
mga9-64 OK Lenovo Thinkpad T510 Also in use: new mesa Bug 32759 Tested before and after update to kernel desktop-6.6.14-1 Bug 32786 Plasma X11, Desktop apps, Firefox internet video, suspend-resume
Advisory from comment 4 added to SVN. Please remove the "advisory" keyword if it needs to be changed. It also helps when obsolete advisories are tagged as "obsolete"
Keywords: (none) => advisoryCC: (none) => marja11
Installed and tested without issues. Tested using Plasma DE desktop and a bunch of applications. System: Mageia 9, x86_64, Plasma DE, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, Intel iGPU Xeon E3-1200 using i915 driver. $ uname -a Linux marte 6.6.14-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jan 27 01:13:53 UTC 2024 x86_64 GNU/Linux $ lspcidrake | grep VGA Card:Intel 810 and later: Intel Corporation|Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller [DISPLAY_VGA] (rev: 06) $ rpm -qa | grep x11-server | sort x11-server-common-21.1.8-7.3.mga9 x11-server-xorg-21.1.8-7.3.mga9 x11-server-xwayland-22.1.9-1.3.mga9
Installed and tested without issues. Tested using Plasma DE desktop and a bunch of applications. System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics the amdgpu driver. $ uname -a Linux jupiter 6.6.14-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Sat Jan 27 01:13:53 UTC 2024 x86_64 GNU/Linux $ lspcidrake | grep VGA Card:ATI Volcanic Islands and later (amdgpu): Advanced Micro Devices, Inc. [AMD/ATI]|Cezanne [Radeon Vega Series / Radeon Vega Mobile Series] [DISPLAY_VGA] (rev: c9) Card:AMD Southern Islands and later (amdgpu): Advanced Micro Devices, Inc. [AMD/ATI]|Navi 24 [Radeon RX 6400/6500 XT/6500M] [DISPLAY_VGA] (rev: c1) $ rpm -qa | grep x11-server x11-server-common-21.1.8-7.3.mga9 x11-server-xorg-21.1.8-7.3.mga9 x11-server-xwayland-22.1.9-1.3.mga9
Installed tigervnc and tested without issues. Tested using Plasma DE desktop and a bunch of applications. Tested the vncserver with multiple clients: vncviewer, VncViewer.jar and KRDC. The VNC server was run on the system described in comment 11. The VNC clients were run on the system described in comment 12. # System VNC server $ rpm -qa | grep tigervnc tigervnc-server-1.13.1-2.3.mga9 # System VNC client $ rpm -qa | grep tigervnc tigervnc-1.13.1-2.3.mga9 tigervnc-java-1.13.1-2.3.mga9 $ java -jar /usr/share/java/VncViewer.jar TigerVNC Java Viewer v1.13.1 (20240126) Built on 2024-01-26 at 15:14:13 Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst) See https://www.tigervnc.org for information on TigerVNC. DecodeManager: Detected 12 CPU core(s) DecodeManager: Creating 4 decoder thread(s) CConn: connected to host localhost port 5901 CConnection: Server supports RFB protocol version 3.8 CConnection: Using RFB protocol version 3.8 CConn: Using pixel format depth 24 (32bpp) little-endian rgb888 CConnection: Enabling continuous updates $ vncviewer TigerVNC Viewer v1.13.1 Built on: 2024-01-26 15:10 Copyright (C) 1999-2022 TigerVNC Team and many others (see README.rst) See https://www.tigervnc.org for information on TigerVNC. Wed Jan 31 11:52:36 2024 DecodeManager: Detected 12 CPU core(s) DecodeManager: Creating 4 decoder thread(s) CConn: Conectado ao host localhost porta 5901 CConnection: Server supports RFB protocol version 3.8 CConnection: Using RFB protocol version 3.8 CConnection: Choosing security type VeNCrypt(19) CVeNCrypt: Choosing security type TLSVnc (258) Wed Jan 31 11:52:40 2024 CConn: Usando formato de pixel depth 24 (32bpp) little-endian rgb888 CConnection: Enabling continuous updates Wed Jan 31 11:52:42 2024 DecodeManager: raw: 2 rects, 322 pixels DecodeManager: 1,28125 KiB (1:1 ratio) DecodeManager: Tight: 143 rects, 3,82535 Mpixels DecodeManager: 1,40837 MiB (1:10,3625 ratio) DecodeManager: Total: 145 rects, 3,82568 Mpixels DecodeManager: 1,40962 MiB (1:10,3542 ratio)
Forgot to say that the tests in comment 13 were using a ssh tunnel.
Tested in real hardware mageia 9 i586 lxqt Update without issue Reboot and start session without issue rpm -qa | grep x11-server x11-server-common-21.1.8-7.3.mga9 x11-server-xwayland-22.1.9-1.3.mga9 x11-server-xorg-21.1.8-7.3.mga9
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK MGA9-32-OK
I let to Thomas validate this
MGA9-32 Xfce on Foolishness, my Dell Inspiron 5100, using the 32-bit desktop kernel. No issues here, either, confirming the 32-bit OK. Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0022.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED