tigervnc-1.15.0-7.el8_10

Errata ID: AXSA:2025-10034:05

Release date: 
Wednesday, June 25, 2025 - 11:58
Subject: 
tigervnc-1.15.0-7.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
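
The pattern described for CVE-2025-49176, as an added C sketch that is not the X server's own code: a length counted in 4-byte units is converted to bytes before the size check, beside a check done in the original units. The limit `MAX_REQUEST_BYTES`, the 32-bit unsigned length type and both function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical byte limit for this sketch (not the X server's value). */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed pattern: multiply first, compare afterwards.
 * The product wraps modulo 2^32, so a huge length can look tiny. */
bool length_ok_flawed(uint32_t len_words)
{
    uint32_t len_bytes = len_words * 4u;   /* may wrap */
    return len_bytes <= MAX_REQUEST_BYTES;
}

/* Hardened pattern: compare in 4-byte units against limit / 4,
 * and only multiply once the value is known to fit. */
bool length_ok_checked(uint32_t len_words, uint32_t *len_bytes_out)
{
    if (len_words > MAX_REQUEST_BYTES / 4u)
        return false;
    *len_bytes_out = len_words * 4u;       /* cannot wrap here */
    return true;
}

int main(void)
{
    /* Constructed sample lengths, in 4-byte units. */
    const uint32_t samples[] = { 1024u, 0x00500000u, 0x40000001u };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t bytes = 0;
        bool flawed = length_ok_flawed(samples[i]);
        bool checked = length_ok_checked(samples[i], &bytes);
        printf("len=0x%08x flawed=%s checked=%s\n",
               (unsigned)samples[i],
               flawed ? "accept" : "reject",
               checked ? "accept" : "reject");
    }
    return 0;
}
```

The third sample is the interesting one: its byte count wraps to 4, so the multiply-then-compare check accepts it while the unit-wise check rejects it.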

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.15.0-7.el8_10.src.rpm
    MD5: 1cce8da2fea24cdb417b2778843a89df
    SHA-256: 6f31bb2b85126e7b897d77823c8cea93478bde8f5ce3d4b1db273be4ceb4c435
    Size: 2.11 MB

Asianux Server 8 for x86_64
  1. tigervnc-1.15.0-7.el8_10.x86_64.rpm
    MD5: bfab2a3e94d1dedd0a86ca6e878bcb68
    SHA-256: 4191d0d104556aad0506a7481a2b84587995419db6cd4c557c951498f1f331e0
    Size: 407.10 kB
  2. tigervnc-icons-1.15.0-7.el8_10.noarch.rpm
    MD5: 93928decd213ea8b3a4e8ee0177bb97f
    SHA-256: 1767f2159fb876950575c141c703121ba2fb9333fbb2c2760833f990c0f32ee4
    Size: 63.84 kB
  3. tigervnc-license-1.15.0-7.el8_10.noarch.rpm
    MD5: 2079e564b20e0effafc1ceb272e5f0ee
    SHA-256: d3d99aeeb20cd984a60d0bf2ae9ce44f22fa061110d953e58b0811a754cb4051
    Size: 44.22 kB
  4. tigervnc-selinux-1.15.0-7.el8_10.noarch.rpm
    MD5: bb661c2df5b8ad692f70e2d859483891
    SHA-256: 878c63db49a715e265f1f60cce376da76df733c0c5015e483a32696e13734e96
    Size: 53.45 kB
  5. tigervnc-server-1.15.0-7.el8_10.x86_64.rpm
    MD5: 7f7aa2e05796ce766a6e6a45ed6f7b92
    SHA-256: 8177ebb72815bede6ae5c539e2b6492a202baca175eb0c11b811eaafb94649ea
    Size: 315.33 kB
  6. tigervnc-server-minimal-1.15.0-7.el8_10.x86_64.rpm
    MD5: 64b90a1648033fe3a2a1f3e8289b947e
    SHA-256: 9a8bcf8ef270bd77fec0e9d80db38f8af2836bd5d11c8f6a49f2dbb0a7e801bb
    Size: 1.17 MB
  7. tigervnc-server-module-1.15.0-7.el8_10.x86_64.rpm
    MD5: c77caa9d0457497b26f7c92a3b03c8c8
    SHA-256: fe7ab87f3c2e71ad46ff1cc6becae194c44757012ffc25b1f00c421ad5a2469c
    Size: 310.46 kB