ALSA-2026:13414

[ALSA-2026:13414] Important: tigervnc security update

Type:

security

Severity:

important

Release date:

2026-05-05

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.  

Security Fix(es):  

  * xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
  * xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
  * xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
  * TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tigervnc-server-module-1.15.0-9.el8_10.aarch64.rpm	64a67dc96c0c7fba1429d2afc58a2f509ec632f331edbe70f8ca4a0fe924c31a
aarch64	tigervnc-1.15.0-9.el8_10.aarch64.rpm	8e2bba7acc974ebb5380f7e82a58a852e5a4d56ac197fd5b5ae4fe88d4130d93
aarch64	tigervnc-server-minimal-1.15.0-9.el8_10.aarch64.rpm	b2f227df5baa68ed53c3ba5cf9de338fb0d7568fd4cb5d7eccc445839ff1e64d
aarch64	tigervnc-server-1.15.0-9.el8_10.aarch64.rpm	b3cc26ec1e860db02a0724dcea2a223cf2a1aedc4e444f1fc38d2db3cccc4476
noarch	tigervnc-icons-1.15.0-9.el8_10.noarch.rpm	3c7a7652b00f3d8f0e919a47ae43b43f81a372b1cf89bf9023e3c201ecd1f0e0
noarch	tigervnc-license-1.15.0-9.el8_10.noarch.rpm	a807611d455e1ca06032cf8a4cb08a50db55134c697da0566a24cb7d5590fd93
noarch	tigervnc-selinux-1.15.0-9.el8_10.noarch.rpm	c66ad0c347e2a979e8f9ea4a7c4660a10a84281b65d4a1ab8fd230e02233ef04
ppc64le	tigervnc-server-minimal-1.15.0-9.el8_10.ppc64le.rpm	2d521dd76ad141017f2f765923f604fac43b34a424d3187841c6f9a3cafa2521
ppc64le	tigervnc-1.15.0-9.el8_10.ppc64le.rpm	3703cf8b8ef9664cf1c67c1221f37cbc881d12eea2049f4e1e7b5716334cfd8f
ppc64le	tigervnc-server-module-1.15.0-9.el8_10.ppc64le.rpm	7266c066191feec9d15af287791f98d6ef534e3f790df852e4ff432f74f672b0
ppc64le	tigervnc-server-1.15.0-9.el8_10.ppc64le.rpm	7ce1c92b8c66f8c6015200c87f85c02b56c4065f69ca1ca82fec0d29ed91de3b
s390x	tigervnc-server-module-1.15.0-9.el8_10.s390x.rpm	6d0e89225744f0b6cf9da94b53e591d74bd386d276d3c0a3a4198b60a9249c21
s390x	tigervnc-1.15.0-9.el8_10.s390x.rpm	6ee89fe932f282535a873e43169505bd9811c0f3fb4af17eb9f1c45815d3a08f
s390x	tigervnc-server-minimal-1.15.0-9.el8_10.s390x.rpm	8e0f8700640eb2f8d427639f46b28342d7105b7d1dd4779d764d5be6d6e8a26c
s390x	tigervnc-server-1.15.0-9.el8_10.s390x.rpm	97793e332f56a0a93a17ecf133a5e2b0a972b8adc9a73e2c40e4a124f21454ab
x86_64	tigervnc-1.15.0-9.el8_10.x86_64.rpm	359b9d9c6c4badc75c429e3cd159972038c51f01c1b90b61ed9e0f42cb818201
x86_64	tigervnc-server-module-1.15.0-9.el8_10.x86_64.rpm	38954cf342546d350695a040e12c27da917e02e70fb212c9d67999ebb69f8c86
x86_64	tigervnc-server-minimal-1.15.0-9.el8_10.x86_64.rpm	66784d59cd3c220d8bf7426d537d897ef75b105e2899e833efde0125192695d8
x86_64	tigervnc-server-1.15.0-9.el8_10.x86_64.rpm	f9aed4a2d2ca230982076a19f7e23e4651624732827d3df595add73650c590d8

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.