Issued:: 2025-11-25
Updated:: 2025-11-25

RHSA-2025:22077 - Security Advisory

Overview
Updated Packages

Synopsis

Important: tigervnc security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for tigervnc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)
xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)
xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2402649 - CVE-2025-62229 xorg: xmayland: Use-after-free in XPresentNotify structure creation
BZ - 2402653 - CVE-2025-62230 xorg: xwayland: Use-after-free in Xkb client resource removal
BZ - 2402660 - CVE-2025-62231 xorg: xmayland: Value overflow in XkbSetCompatMap()

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
tigervnc-1.9.0-15.el8_2.15.src.rpm	SHA-256: ba30c81c215224bf8d13403ec01a8274db858cd479660933936d26f844cf9393
x86_64
tigervnc-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: e767766d7772f2cf2621e4d9ecff9908cf018a2b8b009bd9b2f364d78bdd3efb
tigervnc-debuginfo-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: b0137da7746eda498b602103b4b2f8c6d61052ba72df806f6b383b676136d31d
tigervnc-debugsource-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 7c01482658ae7527d41bf68ff3d0cc40198b30d959b914e6c272c0cb1c1356b6
tigervnc-icons-1.9.0-15.el8_2.15.noarch.rpm	SHA-256: dee8f9509fb99f17c57b8e0aa4b2d7110d40ce828c68ef4660794e52038ae95d
tigervnc-license-1.9.0-15.el8_2.15.noarch.rpm	SHA-256: 83f8621387518828ae844e88093c4035817da113900f68bf4e7ab2f7207608cc
tigervnc-server-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 1e299d428f027b78855e060bfbd3d5a615e686c96d53e59eec8c107efc070682
tigervnc-server-applet-1.9.0-15.el8_2.15.noarch.rpm	SHA-256: 8a08ed995b957324de4d922356e3a311c4fa1f50a1f100bd5aad1549324ebabc
tigervnc-server-debuginfo-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 5b27a6fb102c460a83d628058938b143e028b7258f42bc7907e2dec5d1fe71d9
tigervnc-server-minimal-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 62177c6451abfc744bc75f285330178c6e2cc8f7b0c2068b9bd68aae1c441c4f
tigervnc-server-minimal-debuginfo-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: c27998a64d73a5f60027ad868dd52734d5d153d555422c3493abaf50312e7184
tigervnc-server-module-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 480814023426561dabcb49eca3bc20cca9e6777f358aede9957bf67189ef036e
tigervnc-server-module-debuginfo-1.9.0-15.el8_2.15.x86_64.rpm	SHA-256: 5e5fd35d423205a8463dc5ef91f3b68e21ee2d6a87907be8f3f9c80d7054f700

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation