MGASA-2023-0118 - Updated tigervnc/x11-server packages fix security vulnerability

Publication date: 31 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0118.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2023-0494

DeepCopyPointerClasses use-after-free leads to privilege elevation.
(CVE-2023-0494)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31523
- https://access.redhat.com/errata/RHSA-2023:0622
- https://lists.x.org/archives/xorg-announce/2023-February/003320.html
- https://lists.x.org/archives/xorg-announce/2023-February/003321.html
- https://lists.x.org/archives/xorg-announce/2023-February/003322.html
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HSNILY742FXA5BCFCFYJFV25HDJSBYFG/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DILJFVN2VRCI733YOB627LK2NDU5FO4Q/
- https://access.redhat.com/errata/RHSA-2023:0675
- https://www.debian.org/security/2023/dsa-5342
- https://ubuntu.com/security/notices/USN-5846-1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EW32TRKDYCE243TZOU75JUXT4AHPPDVT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VXKWNOBBI2ZCTIV3D4TT7EVVWMLTF6P2/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0494

SRPMS:
- 8/core/tigervnc-1.11.0-4.2.mga8
- 8/core/x11-server-1.20.14-4.2.mga8