Issued:: 2025-07-07
Updated:: 2025-07-07

RHSA-2025:10378 - Security Advisory

Overview
Updated Packages

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
tigervnc-1.9.0-15.el8_2.14.src.rpm	SHA-256: 93bbc64e491a4468de45c501af76c9edac6e30f990a6a6794efe82971bc35b5c
x86_64
tigervnc-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 03076e5592289e26a5c35b0ae5e663caa260cab91b9973466b04ea4361e33a45
tigervnc-debuginfo-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 455ad90058be4a3d60124b9f618fdbd3c793c9afef4f43b6df5fed33927098b0
tigervnc-debugsource-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 8c30479031bf49054c8a85291d54af958a0b0a70b2b867dcc73e6e8c85f4701d
tigervnc-icons-1.9.0-15.el8_2.14.noarch.rpm	SHA-256: 11ac370023715b1836348d661b7e0ad4e9e0a399e17fa4e3853769b5b7777a7a
tigervnc-license-1.9.0-15.el8_2.14.noarch.rpm	SHA-256: 7f5485ac86396070be8445716674457c7942b5103723e904c1e37a9378739065
tigervnc-server-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: a9002d41a4e7ab243c5e89083377bcb9e9fb7408616db3bd6248b3fbf80e7bd6
tigervnc-server-applet-1.9.0-15.el8_2.14.noarch.rpm	SHA-256: e8bbe55053ab4945021391b4fd8dd76d7144c879a857fae8091d918613dabf57
tigervnc-server-debuginfo-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: eb8e1879504b1ab9a0f3170c44d9727037ae66a39a5bc5702c613fe3b18c757f
tigervnc-server-minimal-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: fda2e4962c2f13de142c50cd9fae9e6e361c92194d440d9433adcbd3266c8681
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 947652c6eb33373bae1dd2848305c1f76c7bc0d59152fe06010c79d0d2cd2d63
tigervnc-server-module-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 492ed13ef081f269327788f3996e11dd45c0bed279a7c4415850b816c309faba
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.14.x86_64.rpm	SHA-256: 448024536e207e8eab487aefed208eb80e78f68866462a35bf4c1bfd808c2874

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation