tigervnc-1.14.1-8.el9_6

Errata ID: AXSA:2025-10563:07

Release date: Wednesday, July 23, 2025 - 18:02
Subject: tigervnc-1.14.1-8.el9_6
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
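
The multiply-before-check flaw described for CVE-2025-49176, and the overflow-checked size computation relevant to CVE-2025-49179 and CVE-2025-49180, shown as an added illustration that is not X server or TigerVNC code. The function names, the 16 MiB limit and the sample lengths are assumptions constructed for this example, and unsigned 32-bit arithmetic is used so that the wraparound is well defined.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limit in bytes (constructed value, not the X server's). */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed pattern: convert the client-supplied length (in 4-byte units)
 * to bytes first, then compare. The 32-bit product wraps modulo 2^32,
 * so a huge unit count can become a small byte count that passes. */
static bool length_ok_multiply_first(uint32_t len_units)
{
    uint32_t len_bytes = len_units * 4u;   /* may wrap */
    return len_bytes <= MAX_REQUEST_BYTES;
}

/* Hardened pattern: compare in the units the client sent, against the
 * limit divided by 4, so nothing is multiplied before the check. */
static bool length_ok_check_first(uint32_t len_units, uint32_t *len_bytes)
{
    if (len_units > MAX_REQUEST_BYTES / 4u)
        return false;
    *len_bytes = len_units * 4u;           /* cannot wrap after the check */
    return true;
}

/* Same idea for an allocation size: refuse the count when the product
 * would not fit, instead of allocating a wrapped, too-small buffer. */
static bool checked_alloc_size(uint32_t n_items, uint32_t item_bytes, uint32_t *total)
{
    if (item_bytes != 0 && n_items > UINT32_MAX / item_bytes)
        return false;
    *total = n_items * item_bytes;
    return true;
}

int main(void)
{
    /* Constructed sample lengths, in 4-byte units. */
    const uint32_t samples[] = { 8u, 0x00400000u, 0x00400001u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t bytes = 0;
        bool flawed = length_ok_multiply_first(samples[i]);
        bool fixed = length_ok_check_first(samples[i], &bytes);
        printf("units=0x%08x multiply-first=%d check-first=%d\n",
               (unsigned)samples[i], flawed, fixed);
    }
    return 0;
}
```

The sample 0x40000001 is accepted by the multiply-first check because its byte count wraps to 4, while the check-first version rejects it.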

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.14.1-8.el9_6.src.rpm
    MD5: 4eb993289a9183667dcf89473f802f55
    SHA-256: 0f993bdb3c42cdbbc935162ff5eb4402819629b9fd49e6aeaad84ad58b0251cb
    Size: 2.06 MB

Asianux Server 9 for x86_64
  1. tigervnc-1.14.1-8.el9_6.x86_64.rpm
    MD5: 5d2030d38562c09d75bf0002e9f2c471
    SHA-256: 1b887b821aec17dde9805886e216da045247f7ea14e572d9d9e96fd61ef394bb
    Size: 354.15 kB
  2. tigervnc-icons-1.14.1-8.el9_6.noarch.rpm
    MD5: 37735204a4bdae2a052c732acb11d270
    SHA-256: b57e56cd4aa35203c54695d27c485481a7d224087a3b19429f244b7aed761074
    Size: 38.32 kB
  3. tigervnc-license-1.14.1-8.el9_6.noarch.rpm
    MD5: 2a2e69bf7af6741bc4df9425e99f761e
    SHA-256: 157e5461d451bd75556e02cc75f7099ed68cf04bec929d6a7f5a5f947ffd1356
    Size: 18.24 kB
  4. tigervnc-selinux-1.14.1-8.el9_6.noarch.rpm
    MD5: 85c51e207662d71592149734e01d98c7
    SHA-256: 2f3221e352217b038dc0a031147b1b4c014bfc817465e644dfbb33dce51bfa20
    Size: 28.85 kB
  5. tigervnc-server-1.14.1-8.el9_6.x86_64.rpm
    MD5: 24fe7147a4681b11ad178f1ea2945a7e
    SHA-256: 59f7c53fb2703371c26f65deb0917b19a39833b8bb10691d1a35aaf387110477
    Size: 260.96 kB
  6. tigervnc-server-minimal-1.14.1-8.el9_6.x86_64.rpm
    MD5: be95720db0a13788b929173a26d311b5
    SHA-256: 76d308c9e00d1a36ed26379404395b9d48a02db33067050dd76aa9218911e886
    Size: 1.17 MB
  7. tigervnc-server-module-1.14.1-8.el9_6.x86_64.rpm
    MD5: 9d4766db06d419acc34ac4905ee1d81f
    SHA-256: 0ebde3680dfcf8269276db51f8eb1ccf3fa7fe2fadaa495cc4801ab931fff9f4
    Size: 279.94 kB