Red Hat Product Errata RHSA-2025:10381 - Security Advisory
Issued:
2025-07-07
Updated:
2025-07-07

RHSA-2025:10381 - Security Advisory

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

  • xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
  • xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
  • xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
  • xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
  • xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
  • BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
  • BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
  • BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
  • BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
tigervnc-1.11.0-22.el9_0.15.src.rpm SHA-256: caa07bcf124226a94ee451cb2802791bd91422ba8abbeb60132769dd71f0dc7e
ppc64le
tigervnc-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 9e8cc7ca3f4fc38517cc37d582f5bd56141d8b8fd60379039c503a635d6f0f14
tigervnc-debuginfo-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 1bfdba35c47a67d82fc5892ec3885503302134a11e37519ded190af7acee94d8
tigervnc-debugsource-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 1ac38b5f190462c4b1d7b335bd7646297e0adfe76d00e81c739e344fb8faae0a
tigervnc-icons-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 2110e38a0cf3a165fb82761e5c8b3d7083547601e8eebbb246a009c4077e0a1d
tigervnc-license-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 5dee5b5f3f00a1ef59420f30124a569e24724be38095d1c4a48ecb2a9cf11e60
tigervnc-selinux-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 54e8cdd2bc37d1443352edaec3f98c7d75643309d2b44c8a0754e17fb6b78aeb
tigervnc-server-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 59a9b1d94f58d7558e682612d551fa150e81eb88f779da1c3cff69b248d4bc10
tigervnc-server-debuginfo-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: b975b0b1c8040816e6d8618978061e97d475bff192db80a2bac4a414ca3d8fd9
tigervnc-server-minimal-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 20ef1c6679b62dd6b930775d426e564350d0506e45b593385d67edf15fc8794c
tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: d94050f3b0d1312f5672f54d28fd8ccf8607820e84a215d2e001d62baf7e97ac
tigervnc-server-module-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: 8aecb3f689124817f9abf3801854ee238ed57375bc7c8eec9fa4faba8cf1b166
tigervnc-server-module-debuginfo-1.11.0-22.el9_0.15.ppc64le.rpm SHA-256: c32128a9eda8ff5dbd8e8d60a5272c86353b2d4f227a128ebc38b32475155584

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
tigervnc-1.11.0-22.el9_0.15.src.rpm SHA-256: caa07bcf124226a94ee451cb2802791bd91422ba8abbeb60132769dd71f0dc7e
x86_64
tigervnc-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: 4a9c3e0d42c601f16b348b225f191e36d45986f09471ffce8bef49811fe3bcc6
tigervnc-debuginfo-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: 153e7cdf34ef16db19d4974f644dd5b03d97ff5886c2c19b5c42b3fb4bdb132a
tigervnc-debugsource-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: 54ab08c6a68fce1c44700e80fefa0f97093fbc718ffdbfb288773f74f937a49b
tigervnc-icons-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 2110e38a0cf3a165fb82761e5c8b3d7083547601e8eebbb246a009c4077e0a1d
tigervnc-license-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 5dee5b5f3f00a1ef59420f30124a569e24724be38095d1c4a48ecb2a9cf11e60
tigervnc-selinux-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 54e8cdd2bc37d1443352edaec3f98c7d75643309d2b44c8a0754e17fb6b78aeb
tigervnc-server-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: d270058b39bfc2e7247c2ca096fa46ec05f4b5c07de58deaeb5f4ada8ae72e53
tigervnc-server-debuginfo-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: 0e68c78639caeeafd86489912f5511b7dfae7a9f3f30159f11985e71486b2896
tigervnc-server-minimal-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: bf6b577fa52cba72e74a53ceb60a64dc10cdf92233215600605f4e75606fe30e
tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: bb13862c35bdd1a4ec025ffcdc607015ce102110250c14526b66c47e6beecfa7
tigervnc-server-module-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: 0b1f58263373e296659f1f9ba17e2fa222d846c5d6b96084329063ffbbb0f67c
tigervnc-server-module-debuginfo-1.11.0-22.el9_0.15.x86_64.rpm SHA-256: c413c27c0aaf8e610f596621ca7939c38fa20c41fab8e389a79da530dccdd892

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
tigervnc-1.11.0-22.el9_0.15.src.rpm SHA-256: caa07bcf124226a94ee451cb2802791bd91422ba8abbeb60132769dd71f0dc7e
aarch64
tigervnc-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: c6e81c0dccee8913d9bdf1f3c5b1da78dd95359b8d2b507121321c20179762e9
tigervnc-debuginfo-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 20c6498784898d5eaaddd8920693fe2b4139b0eb109c730f20f7106504d4da41
tigervnc-debugsource-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 71aab8ae9a2cbb92082569a9ffe4c2280892c6959e9d1b87cd3dcc1499481f07
tigervnc-icons-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 2110e38a0cf3a165fb82761e5c8b3d7083547601e8eebbb246a009c4077e0a1d
tigervnc-license-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 5dee5b5f3f00a1ef59420f30124a569e24724be38095d1c4a48ecb2a9cf11e60
tigervnc-selinux-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 54e8cdd2bc37d1443352edaec3f98c7d75643309d2b44c8a0754e17fb6b78aeb
tigervnc-server-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 54181a3dc72da6513e07bfd9ebce33048447778a1b1122778d46795106dd6cc8
tigervnc-server-debuginfo-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 3ad496a94ec82595696b76a81fa5eae2ff55b3d371cd8eaff33bd596b1f1febf
tigervnc-server-minimal-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 15698e03ff6cb4b5dae4a496d62a12f21b1a3d2254f10091a911565b0d5b753e
tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 088c8c1dd1907bc8559258411f38d92af0e490ea68bb6c3494093e633e894d37
tigervnc-server-module-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 90089e72c7537873535d40c6872c3d42774f73aa324e2f8c1cd0f9476378c2f0
tigervnc-server-module-debuginfo-1.11.0-22.el9_0.15.aarch64.rpm SHA-256: 25eed035203f94adc288277fc7c947bf21e1486bb2439a9931b411d7d702ba65

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
tigervnc-1.11.0-22.el9_0.15.src.rpm SHA-256: caa07bcf124226a94ee451cb2802791bd91422ba8abbeb60132769dd71f0dc7e
s390x
tigervnc-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 9c457277a40574374e5f6d248e806b287f0d2bfa0dfbc8ad626b90ca58b4af90
tigervnc-debuginfo-1.11.0-22.el9_0.15.s390x.rpm SHA-256: a3d55c3093abf3c94d95de682f5817174f9660a34ca878ced1656d7f515ceb2e
tigervnc-debugsource-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 8d36f9747946eb310e439be44a98137e592de4c1572d842c0d589c0cc827829a
tigervnc-icons-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 2110e38a0cf3a165fb82761e5c8b3d7083547601e8eebbb246a009c4077e0a1d
tigervnc-license-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 5dee5b5f3f00a1ef59420f30124a569e24724be38095d1c4a48ecb2a9cf11e60
tigervnc-selinux-1.11.0-22.el9_0.15.noarch.rpm SHA-256: 54e8cdd2bc37d1443352edaec3f98c7d75643309d2b44c8a0754e17fb6b78aeb
tigervnc-server-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 73d7359c7f2eac18bd132dab7a858c336f8d573a43914e63aaa111163a56cf9b
tigervnc-server-debuginfo-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 78e25b193be1fb23db7928a61a61103fcd57c8d30a3bb8cc44fcb6885b64b806
tigervnc-server-minimal-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 494369ad86ee113ce83144668aef079dc5b500b4d70f6b9dbb71c3686e049688
tigervnc-server-minimal-debuginfo-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 57c7cf7c79f7b740520f18646d25a0ab267e068cabab7c201ef1091d955cbd37
tigervnc-server-module-1.11.0-22.el9_0.15.s390x.rpm SHA-256: e84f1dc02e5d384dd89646d6a9d89e2b074a257c19dcd3bb56823166b5d64e83
tigervnc-server-module-debuginfo-1.11.0-22.el9_0.15.s390x.rpm SHA-256: 17d434405017f810feca8d564c719867ba9d1ae87137c9898d4418f2e27cbf7c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.