Issued:: 2025-07-07
Updated:: 2025-07-07

RHSA-2025:10375 - Security Advisory

Overview
Updated Packages

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
tigervnc-1.8.0-36.el7_9.2.src.rpm	SHA-256: 47ab2001857b134daee185a8911e11126032a2483e8a3e63ae367f568db38086
x86_64
tigervnc-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: b1e598fb535faf766086480fd549ecadc383a2261cb47cd242305d3e6a518f51
tigervnc-debuginfo-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: a828c8e2bd738a5a42fb3f26fd9c64d188582c1b95d1b70cec759f06af09d517
tigervnc-debuginfo-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: a828c8e2bd738a5a42fb3f26fd9c64d188582c1b95d1b70cec759f06af09d517
tigervnc-icons-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: b9d378a45a884a2ea4e8fd6f066083dbb48b6009faf667a102962f8ecc2d5fc5
tigervnc-license-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 1bfc35c67eee27e25f282c99db11adb641a58940ab055ccf4b22d704895b6255
tigervnc-server-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: 12897b79ebc1700dc510a65ebae85d85a83fe70c22d5b0a0535196687a508023
tigervnc-server-applet-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 6d7e3833e8643b66e26b2c74abde97a650aa91fabf636a585258e3ce36a6903e
tigervnc-server-minimal-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: 09bd0a8dc011347bfebc1c3624e9ac71e2ac22a490c1f8f0cd2ec328411be7da
tigervnc-server-module-1.8.0-36.el7_9.2.x86_64.rpm	SHA-256: 8f874c4a42f120b308eda75a3f410bbb17bd60540423e7cad2d16fc95eeb7e9d

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
tigervnc-1.8.0-36.el7_9.2.src.rpm	SHA-256: 47ab2001857b134daee185a8911e11126032a2483e8a3e63ae367f568db38086
s390x
tigervnc-1.8.0-36.el7_9.2.s390x.rpm	SHA-256: dc62c150823bfd1a20edabbc970ed7e9b1871456f7fc66a7efa4f9ca3b9a0041
tigervnc-debuginfo-1.8.0-36.el7_9.2.s390x.rpm	SHA-256: e63753b276fcf658e7cf2c0666acb95cf60a6138b3b431fa7f0e353091132f6d
tigervnc-icons-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: b9d378a45a884a2ea4e8fd6f066083dbb48b6009faf667a102962f8ecc2d5fc5
tigervnc-license-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 1bfc35c67eee27e25f282c99db11adb641a58940ab055ccf4b22d704895b6255
tigervnc-server-1.8.0-36.el7_9.2.s390x.rpm	SHA-256: 95e0ebc1434d7040dd3d375ffdfa635d65ed7438f900276c5d2d87a322a29b2a
tigervnc-server-applet-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 6d7e3833e8643b66e26b2c74abde97a650aa91fabf636a585258e3ce36a6903e
tigervnc-server-minimal-1.8.0-36.el7_9.2.s390x.rpm	SHA-256: c5b7c36bc52fcec7d6675ffe07b4113df9316bc91535889c5ab6cafce6594238

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
tigervnc-1.8.0-36.el7_9.2.src.rpm	SHA-256: 47ab2001857b134daee185a8911e11126032a2483e8a3e63ae367f568db38086
ppc64
tigervnc-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: 120c0b51e0ec8b9ff462dc7dedd72fae5dc30b79f799054d4a989f6bb4f62357
tigervnc-debuginfo-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: 1fccdf205c6c50c82202ea4cf1da8b8405ea1d62eb5e24f84b66fb03aeb46c7b
tigervnc-debuginfo-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: 1fccdf205c6c50c82202ea4cf1da8b8405ea1d62eb5e24f84b66fb03aeb46c7b
tigervnc-icons-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: b9d378a45a884a2ea4e8fd6f066083dbb48b6009faf667a102962f8ecc2d5fc5
tigervnc-license-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 1bfc35c67eee27e25f282c99db11adb641a58940ab055ccf4b22d704895b6255
tigervnc-server-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: ed072fa76b6c0005da2633d6e285de55d3baba021aa28b030102a869e79c879e
tigervnc-server-applet-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 6d7e3833e8643b66e26b2c74abde97a650aa91fabf636a585258e3ce36a6903e
tigervnc-server-minimal-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: e7c80485972ddca707e793a4c777b3d2f92f522689ef77a1418c46d5730c8efd
tigervnc-server-module-1.8.0-36.el7_9.2.ppc64.rpm	SHA-256: f085abf975328e357aaed52b95f50af43ed32d76c8f30b7902eb86483722760c

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
tigervnc-1.8.0-36.el7_9.2.src.rpm	SHA-256: 47ab2001857b134daee185a8911e11126032a2483e8a3e63ae367f568db38086
ppc64le
tigervnc-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: c80e1c1a14cdd9127db7e8d5af6f5f89d334ad58e65d9cbe0f3f5d0e25b9c2c7
tigervnc-debuginfo-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: 5e4fb83d8fbdb90d6679519c0aeb99d93b61d26efde9e7f9221a1079c4da3687
tigervnc-debuginfo-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: 5e4fb83d8fbdb90d6679519c0aeb99d93b61d26efde9e7f9221a1079c4da3687
tigervnc-icons-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: b9d378a45a884a2ea4e8fd6f066083dbb48b6009faf667a102962f8ecc2d5fc5
tigervnc-license-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 1bfc35c67eee27e25f282c99db11adb641a58940ab055ccf4b22d704895b6255
tigervnc-server-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: 3348a04b60b240335ff9dba2e9ad9d09b6d08995b1b2f3aec9af98cd94968101
tigervnc-server-applet-1.8.0-36.el7_9.2.noarch.rpm	SHA-256: 6d7e3833e8643b66e26b2c74abde97a650aa91fabf636a585258e3ce36a6903e
tigervnc-server-minimal-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: 4ff0350fb1b827108a287a0d8a2211cfa279bc95a793689734f3ec74cf4954fe
tigervnc-server-module-1.8.0-36.el7_9.2.ppc64le.rpm	SHA-256: ed4d1f51dc6c9d00f2e4277d663d6e44c3432741a671de923f7d5eb79c8dc8e7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation