tigervnc-1.15.0-7.el9_8.1.ML.1
エラータID: AXSA:2026-1265:06
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34000
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
Update packages.
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
N/A
SRPMS
- tigervnc-1.15.0-7.el9_8.1.ML.1.src.rpm
MD5: 48fe27b67c52b02588bf7d0011e51747
SHA-256: 08106d878fb6f8bfcf466188710dec1e9342c10ee6d4d32067ac8592cb1382ec
Size: 2.07 MB
Asianux Server 9 for x86_64
- tigervnc-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
MD5: bfe466ef7fc5ec742b989808a0f58a49
SHA-256: c4af4b7440bb6d8f3cf5cf013a3358096256620ed4d1ebb5bcb71a2ee25073a6
Size: 369.72 kB - tigervnc-icons-1.15.0-7.el9_8.1.ML.1.noarch.rpm
MD5: 4519b2a3fc2828055538e68601d33355
SHA-256: 012cee006c9496b5bc1370b4f9b4ae81d13050799501c90f6c9543c392038cf8
Size: 37.41 kB - tigervnc-license-1.15.0-7.el9_8.1.ML.1.noarch.rpm
MD5: fab49d111d8366a56524395d6fac0d3d
SHA-256: f76f6e8b095d6e493357e2aeef859f1c6dd36bee12c63cb5435d8b25963ce6cc
Size: 17.33 kB - tigervnc-selinux-1.15.0-7.el9_8.1.ML.1.noarch.rpm
MD5: e4b9f2a7bbe98de5e65068eeebb8e6cd
SHA-256: 093c316b30a925cdd44bbd4f3b5d22e506a42cf30745b5d7215a4e1c404046ef
Size: 27.98 kB - tigervnc-server-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
MD5: 91d991cc4ada104b98de913788226c2a
SHA-256: 74f4b84d46b39bb6f64bb562c60a608be591dfe72b02e33df5688e9d9f070f87
Size: 265.76 kB - tigervnc-server-minimal-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
MD5: 094e4563c81a2af261631526c05ed9ee
SHA-256: 59ebabe5eee92108ba0e69c0da1410c4fcbd3614eb25cef24d02192aecdbe0c3
Size: 1.18 MB - tigervnc-server-module-1.15.0-7.el9_8.1.ML.1.x86_64.rpm
MD5: 6614d78bc605bebf6fe7561f7faf994e
SHA-256: 1a30fe8fe43bdfc6a0099d1e6a863b4308a0dda97116a59037483194ce63e3f6
Size: 281.18 kB