tigervnc-1.15.0-6.el9_7.1

エラータID: AXSA:2026-530:01

Release date: 
Monday, May 4, 2026 - 12:15
Subject: 
tigervnc-1.15.0-6.el9_7.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

Solution: 

Update packages.

CVEs: 
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.15.0-6.el9_7.1.src.rpm
    MD5: f4509d769331134c40bde2f4478818e5
    SHA-256: 6d2a47b3cde9e9119671b6a9dde41059b3ede628cccb3038df68da19628fd276
    Size: 2.08 MB

Asianux Server 9 for x86_64
  1. tigervnc-1.15.0-6.el9_7.1.x86_64.rpm
    MD5: fb7813faf4ac533a02eb0fb76d6e5ca9
    SHA-256: e05b701e1f78878cbe9ebbae18d70c89bcb8a27d378f2c90aeb48a643369cdc7
    Size: 369.65 kB
  2. tigervnc-icons-1.15.0-6.el9_7.1.noarch.rpm
    MD5: be8e1b9be3c893f8c461692979b6703b
    SHA-256: 761bd3a4f22c6ce2e03d435040f9880bcdc21c88147a14bcfd49789ffa7df56e
    Size: 37.35 kB
  3. tigervnc-license-1.15.0-6.el9_7.1.noarch.rpm
    MD5: d18d2ab905679276beddfc37ef9d48c0
    SHA-256: 6b8c2589d98e3fbf2ce91efae21d308db9e3b87cce504b93f7d881c9249273d1
    Size: 17.27 kB
  4. tigervnc-selinux-1.15.0-6.el9_7.1.noarch.rpm
    MD5: 048d7873205599ac5b506ad2c2312104
    SHA-256: 4b8918f63367191b65d584f8abf734ae29ee20e045fb6e1ba84678c0dc05070f
    Size: 27.86 kB
  5. tigervnc-server-1.15.0-6.el9_7.1.x86_64.rpm
    MD5: 73544cfd118a4545c045fd8683cd90a0
    SHA-256: 6a30c4b4180cd0cdb02e2118436a0525010484448ff48da736ea6f9032e989d1
    Size: 265.67 kB
  6. tigervnc-server-minimal-1.15.0-6.el9_7.1.x86_64.rpm
    MD5: 611a809c57603d5dc42e212aac7df453
    SHA-256: aed3684e730516f291a236d594fac1cbf37643c4f33639de2eeb64096bc219a5
    Size: 1.18 MB
  7. tigervnc-server-module-1.15.0-6.el9_7.1.x86_64.rpm
    MD5: aa487f4df77861389431a1d9762ce2fb
    SHA-256: c39569b32af358f1ab97910dcf0dbac5904bcedb9d8413cde1133e70c12e8e75
    Size: 281.05 kB