Issued:: 2025-07-07
Updated:: 2025-07-07

RHSA-2025:10377 - Security Advisory

Overview
Updated Packages

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6 s390x

Fixes

BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension 6

SRPM
tigervnc-1.1.0-25.el6_10.1.src.rpm	SHA-256: c1b280d752131dac94db2d62803a5037a338960f1a0dffd7ffe93f00e0a2f110
x86_64
tigervnc-1.1.0-25.el6_10.1.x86_64.rpm	SHA-256: d6c95d47652576538c8027d63e5d19a61487007ba344464acbe56d9faef8a08f
tigervnc-debuginfo-1.1.0-25.el6_10.1.x86_64.rpm	SHA-256: 6088fb523c3ed6302e1d5d835c3e9a2158767cfd09b49c0d1eadc992d098cf3f
tigervnc-debuginfo-1.1.0-25.el6_10.1.x86_64.rpm	SHA-256: 6088fb523c3ed6302e1d5d835c3e9a2158767cfd09b49c0d1eadc992d098cf3f
tigervnc-server-1.1.0-25.el6_10.1.x86_64.rpm	SHA-256: 20701534f58ea77773d7ee3bf15e3cd274da203b3a103006b096d55d53f54010
tigervnc-server-applet-1.1.0-25.el6_10.1.noarch.rpm	SHA-256: 0a578152406a6f5cbc50bb1522fdce1ab571868ef7d82cb7c4f769360f50ee82
tigervnc-server-module-1.1.0-25.el6_10.1.x86_64.rpm	SHA-256: 8291a5e74c0af594a7ab30f2029801d9a1af3ac585d41089d28fec712ebe5025
i386
tigervnc-1.1.0-25.el6_10.1.i686.rpm	SHA-256: ab7bb89cfea7869df63eec1745bd46e9b01788a007201460f10ff5d9aa251630
tigervnc-debuginfo-1.1.0-25.el6_10.1.i686.rpm	SHA-256: e3291d013fb250c0285db00da7854ffe3efc8ba2076c6bb2999a7b469e01909f
tigervnc-debuginfo-1.1.0-25.el6_10.1.i686.rpm	SHA-256: e3291d013fb250c0285db00da7854ffe3efc8ba2076c6bb2999a7b469e01909f
tigervnc-server-1.1.0-25.el6_10.1.i686.rpm	SHA-256: 027b51df86f1ce8a7f878d9800a3a20b5c6ef101c141e2531a7276516dd767cc
tigervnc-server-applet-1.1.0-25.el6_10.1.noarch.rpm	SHA-256: 0a578152406a6f5cbc50bb1522fdce1ab571868ef7d82cb7c4f769360f50ee82
tigervnc-server-module-1.1.0-25.el6_10.1.i686.rpm	SHA-256: 2b79c98e7893afc45cb10b1b987534d979707c7eedbe6dfef1363ff2aa5db10a

Red Hat Enterprise Linux Server - Extended Life Cycle Support Extension (for IBM z Systems) 6

SRPM
tigervnc-1.1.0-25.el6_10.1.src.rpm	SHA-256: c1b280d752131dac94db2d62803a5037a338960f1a0dffd7ffe93f00e0a2f110
s390x
tigervnc-1.1.0-25.el6_10.1.s390x.rpm	SHA-256: a9d48291c91e61b3d577da8bc26e1614f6da600f228047f310a6617c3167e4f7
tigervnc-debuginfo-1.1.0-25.el6_10.1.s390x.rpm	SHA-256: dbfb304deef1d100c88482dfcc3f03e2c2adea30844e5782bae1ffca0ea262ad
tigervnc-server-1.1.0-25.el6_10.1.s390x.rpm	SHA-256: a5e012e9b3e8987e7ec39076b550ad153271d6c3b7fae480824ad98e6b8849a5
tigervnc-server-applet-1.1.0-25.el6_10.1.noarch.rpm	SHA-256: 0a578152406a6f5cbc50bb1522fdce1ab571868ef7d82cb7c4f769360f50ee82

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation