ALSA-2025:2500

[ALSA-2025:2500] Important: tigervnc security update

Type:

security

Severity:

important

Release date:

2025-03-17

Description:

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.  

Security Fix(es):  

  * X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594)
  * xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601)
  * xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600)
  * xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599)
  * xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598)
  * xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
  * xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596)
  * Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	tigervnc-server-minimal-1.14.1-1.el9_5.1.aarch64.rpm	256cfd1c62654db4161b98e9f6a04cc731f1b1c6dc986f158436e1dd97b136a9
aarch64	tigervnc-1.14.1-1.el9_5.1.aarch64.rpm	436d9a426e580068f4543075c9f067504b9a55987c38e83eef74b46fea4d89bb
aarch64	tigervnc-server-module-1.14.1-1.el9_5.1.aarch64.rpm	834c65fd61b7edead2a29b450fcec4df51201ae44a85bbff6b5f7af911a74285
aarch64	tigervnc-server-1.14.1-1.el9_5.1.aarch64.rpm	d2912c788e1d12854f14cc240f82787b42b2ae79d475a24281ae0a904652f578
noarch	tigervnc-icons-1.14.1-1.el9_5.1.noarch.rpm	08eb0fe289f4792b3cb6f77177d607bba5e069938e4aad36532be1b959990086
noarch	tigervnc-license-1.14.1-1.el9_5.1.noarch.rpm	1c41e5a2911fdde16998225f599853ddd6c07baed42fcd070e0fbaa87ada968d
noarch	tigervnc-selinux-1.14.1-1.el9_5.1.noarch.rpm	8bbb425e9a5ea9fa0d133059e86420caee8ee3378b90ee9bf2a485fa73e92aee
ppc64le	tigervnc-server-1.14.1-1.el9_5.1.ppc64le.rpm	20cf0144a2ada940e3d27660e42d9b20044bb732e12c62ef17f198f18e88dced
ppc64le	tigervnc-server-module-1.14.1-1.el9_5.1.ppc64le.rpm	b25ed225a637e3ff8373d6a3cd6cf4da84dba1a76b9c0e40e0c5c97f88b9c20d
ppc64le	tigervnc-server-minimal-1.14.1-1.el9_5.1.ppc64le.rpm	d3f09315084abc67db6f0ee21e197c68a753d8efdbdd68d96f43678de250606e
ppc64le	tigervnc-1.14.1-1.el9_5.1.ppc64le.rpm	e54a845eca92325f7c4404daf2190e90dec335e753aac6359a0a37d9d1e7447a
s390x	tigervnc-server-1.14.1-1.el9_5.1.s390x.rpm	38428f2f53d6666e0a04858ed55af545239fb111521c7fd114b9771813b8b04e
s390x	tigervnc-server-module-1.14.1-1.el9_5.1.s390x.rpm	bb1676c53e612eaffd89293e3c5d6bce5e28c2c27a8feb0271521c48b339b138
s390x	tigervnc-server-minimal-1.14.1-1.el9_5.1.s390x.rpm	d6523d21bc612a54801c01d486fa2986d0bb5b5f479fc77f7a1fb681add83119
s390x	tigervnc-1.14.1-1.el9_5.1.s390x.rpm	fff60b2b77756540bf7ae6345b8988448ef4324a5f7ac4ed49f66e454025cbd5
x86_64	tigervnc-1.14.1-1.el9_5.1.x86_64.rpm	54c20cb53a0ba8381bc7fa96e6caa648e357a370f8f531dec3d17eafe73df819
x86_64	tigervnc-server-minimal-1.14.1-1.el9_5.1.x86_64.rpm	56733b6336b74a55bb1bd7b3b627201094717ca2e0dd5927035f0ea6bded3e69
x86_64	tigervnc-server-1.14.1-1.el9_5.1.x86_64.rpm	b61d67ecfad1c338d43dcc15307d38845c0c56e0ef2fcbf3d5e87103e6364f61
x86_64	tigervnc-server-module-1.14.1-1.el9_5.1.x86_64.rpm	ee5d71a24ed92ca2eb0971a877435a81942b5d64b5e3c7751fc56c708c6460ae

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.