tigervnc-1.15.0-6.el9_7.1
エラータID: AXSA:2026-530:01
リリース日:
2026/05/04 Monday - 12:15
題名:
tigervnc-1.15.0-6.el9_7.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- X.org には、整数アンダーフローの問題があるため、ローカルの
攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-33999)
- X.org には、メモリ領域の解放後利用の問題があるため、ローカル
の攻撃者により、情報の漏洩、データ破壊、およびサービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2026-34001)
- X.org には、メモリ領域の範囲外読み取りの問題があるため、
ローカルの攻撃者により、情報の漏洩、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2026-34003)
- TigerVNC の x0vncserver コンポーネントには、ローカルの攻撃者
により、情報の漏洩、データ破壊、およびサービス拒否攻撃を可能と
する脆弱性が存在します。(CVE-2026-34352)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
追加情報:
N/A
ダウンロード:
SRPMS
- tigervnc-1.15.0-6.el9_7.1.src.rpm
MD5: f4509d769331134c40bde2f4478818e5
SHA-256: 6d2a47b3cde9e9119671b6a9dde41059b3ede628cccb3038df68da19628fd276
Size: 2.08 MB
Asianux Server 9 for x86_64
- tigervnc-1.15.0-6.el9_7.1.x86_64.rpm
MD5: fb7813faf4ac533a02eb0fb76d6e5ca9
SHA-256: e05b701e1f78878cbe9ebbae18d70c89bcb8a27d378f2c90aeb48a643369cdc7
Size: 369.65 kB - tigervnc-icons-1.15.0-6.el9_7.1.noarch.rpm
MD5: be8e1b9be3c893f8c461692979b6703b
SHA-256: 761bd3a4f22c6ce2e03d435040f9880bcdc21c88147a14bcfd49789ffa7df56e
Size: 37.35 kB - tigervnc-license-1.15.0-6.el9_7.1.noarch.rpm
MD5: d18d2ab905679276beddfc37ef9d48c0
SHA-256: 6b8c2589d98e3fbf2ce91efae21d308db9e3b87cce504b93f7d881c9249273d1
Size: 17.27 kB - tigervnc-selinux-1.15.0-6.el9_7.1.noarch.rpm
MD5: 048d7873205599ac5b506ad2c2312104
SHA-256: 4b8918f63367191b65d584f8abf734ae29ee20e045fb6e1ba84678c0dc05070f
Size: 27.86 kB - tigervnc-server-1.15.0-6.el9_7.1.x86_64.rpm
MD5: 73544cfd118a4545c045fd8683cd90a0
SHA-256: 6a30c4b4180cd0cdb02e2118436a0525010484448ff48da736ea6f9032e989d1
Size: 265.67 kB - tigervnc-server-minimal-1.15.0-6.el9_7.1.x86_64.rpm
MD5: 611a809c57603d5dc42e212aac7df453
SHA-256: aed3684e730516f291a236d594fac1cbf37643c4f33639de2eeb64096bc219a5
Size: 1.18 MB - tigervnc-server-module-1.15.0-6.el9_7.1.x86_64.rpm
MD5: aa487f4df77861389431a1d9762ce2fb
SHA-256: c39569b32af358f1ab97910dcf0dbac5904bcedb9d8413cde1133e70c12e8e75
Size: 281.05 kB
English