tigervnc-1.15.0-7.el9_8.1.ML.1

エラータID: AXSA:2026-1265:06

Release date: 
Thursday, July 16, 2026 - 10:09
Subject: 
tigervnc-1.15.0-7.el9_8.1.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34000
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.15.0-7.el9_8.1.ML.1.src.rpm
    MD5: 48fe27b67c52b02588bf7d0011e51747
    SHA-256: 08106d878fb6f8bfcf466188710dec1e9342c10ee6d4d32067ac8592cb1382ec
    Size: 2.07 MB

Asianux Server 9 for x86_64
  1. tigervnc-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
    MD5: bfe466ef7fc5ec742b989808a0f58a49
    SHA-256: c4af4b7440bb6d8f3cf5cf013a3358096256620ed4d1ebb5bcb71a2ee25073a6
    Size: 369.72 kB
  2. tigervnc-icons-1.15.0-7.el9_8.1.ML.1.noarch.rpm
    MD5: 4519b2a3fc2828055538e68601d33355
    SHA-256: 012cee006c9496b5bc1370b4f9b4ae81d13050799501c90f6c9543c392038cf8
    Size: 37.41 kB
  3. tigervnc-license-1.15.0-7.el9_8.1.ML.1.noarch.rpm
    MD5: fab49d111d8366a56524395d6fac0d3d
    SHA-256: f76f6e8b095d6e493357e2aeef859f1c6dd36bee12c63cb5435d8b25963ce6cc
    Size: 17.33 kB
  4. tigervnc-selinux-1.15.0-7.el9_8.1.ML.1.noarch.rpm
    MD5: e4b9f2a7bbe98de5e65068eeebb8e6cd
    SHA-256: 093c316b30a925cdd44bbd4f3b5d22e506a42cf30745b5d7215a4e1c404046ef
    Size: 27.98 kB
  5. tigervnc-server-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
    MD5: 91d991cc4ada104b98de913788226c2a
    SHA-256: 74f4b84d46b39bb6f64bb562c60a608be591dfe72b02e33df5688e9d9f070f87
    Size: 265.76 kB
  6. tigervnc-server-minimal-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
    MD5: 094e4563c81a2af261631526c05ed9ee
    SHA-256: 59ebabe5eee92108ba0e69c0da1410c4fcbd3614eb25cef24d02192aecdbe0c3
    Size: 1.18 MB
  7. tigervnc-server-module-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
    MD5: 6614d78bc605bebf6fe7561f7faf994e
    SHA-256: 1a30fe8fe43bdfc6a0099d1e6a863b4308a0dda97116a59037483194ce63e3f6
    Size: 281.18 kB