ALSA-2025:2502

[ALSA-2025:2502] Important: tigervnc security update

Type:

security

Severity:

important

Release date:

2025-03-17

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.  

Security Fix(es):  

  * X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594)
  * xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601)
  * xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600)
  * xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599)
  * xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598)
  * xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
  * xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596)
  * Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tigervnc-server-1.13.1-15.el8_10.aarch64.rpm	1bf367ddf5155c7181d1c4fd605c10d12f0f48870392460ff0efaa51a73af3f2
aarch64	tigervnc-1.13.1-15.el8_10.aarch64.rpm	2901311fd13665fb06aa6c4bb60d9336452f0997e6502764db73902d92788578
aarch64	tigervnc-server-module-1.13.1-15.el8_10.aarch64.rpm	49b3db5942d2e50693b1966c0a78e143f1d4142be35e2f63d56aa8dc8b9523c4
aarch64	tigervnc-server-minimal-1.13.1-15.el8_10.aarch64.rpm	a29f0e66d3fe87f695c5a2b85824f6fd90a4dee750b22a3675ad8b12294f7c75
noarch	tigervnc-selinux-1.13.1-15.el8_10.noarch.rpm	2d7ef296d4209f739467417245f262f33a12c0df69815423fef0a6dc6d9281ac
noarch	tigervnc-license-1.13.1-15.el8_10.noarch.rpm	40fb0ca04d4794e98a1d91898dd28e274b692fb891a92575d063cab22df09917
noarch	tigervnc-icons-1.13.1-15.el8_10.noarch.rpm	5c9f546061600ae769f7e77463fa403f23caeecf38333b4c30f4b21d587a0401
ppc64le	tigervnc-server-module-1.13.1-15.el8_10.ppc64le.rpm	3828ce7a600f253e7a860c37660e50136247a93e743f18cb4c6f04a774563bcc
ppc64le	tigervnc-server-1.13.1-15.el8_10.ppc64le.rpm	701ee9627c33b11b23e7e6a97ffd305dcd00962c0f3ca299953ffd08cc517b79
ppc64le	tigervnc-1.13.1-15.el8_10.ppc64le.rpm	811a5596a60dbc5cada989d40b4989a07915925808d09705a3559b7d117152f5
ppc64le	tigervnc-server-minimal-1.13.1-15.el8_10.ppc64le.rpm	8520ac4e8e91ca7f20f341831107d321cc653d1f24625a09aaaa857e14411f11
s390x	tigervnc-server-minimal-1.13.1-15.el8_10.s390x.rpm	177445f6364cca88b863a6029dbb1d3f76551dc2a5947865a7f5ea90e3389aa4
s390x	tigervnc-server-1.13.1-15.el8_10.s390x.rpm	9f28957705035d28b963787b030d5cb59765a195cf2a63523636e49a46331432
s390x	tigervnc-1.13.1-15.el8_10.s390x.rpm	b581e9c12b28e2314a0258d14b41d77c92f1f41fea1a9bfad2654038ef4cc438
s390x	tigervnc-server-module-1.13.1-15.el8_10.s390x.rpm	f7b11a8254b82340d44e98cad7012fddf6307dd46d46c0367d72471271d113d7
x86_64	tigervnc-server-module-1.13.1-15.el8_10.x86_64.rpm	45347a78a9d24b964dd044983a3fa6a0ab3e3808443be26f69cd6f9405720096
x86_64	tigervnc-1.13.1-15.el8_10.x86_64.rpm	a1c069c6faab81ee10c18e92f2f6a063d1ca40b041597db8fb56d9f812363542
x86_64	tigervnc-server-1.13.1-15.el8_10.x86_64.rpm	b22129693d057a895997e3ddf8e5769b1b0bb016c8ceced5507d70ef4dee64e5
x86_64	tigervnc-server-minimal-1.13.1-15.el8_10.x86_64.rpm	bfd5397fb8dfc05a851594e27b6b1c3f1069431b0f45719b1d0744c6510b29d2

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.