FEDORA-2025-ef7fb833f2 — security update for tigervnc

stable

tigervnc-1.15.0-2.fc42

FEDORA-2025-ef7fb833f2 created by jgrulich a year ago for Fedora 42

Fixes for xorg-x11-server CVEs.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-ef7fb833f2

This update has been submitted for testing by jgrulich.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

jgrulich edited this update.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

There is an ongoing freeze; this will be pushed to stable after the freeze is over.

a year ago

This update has been pushed to stable.

12 months ago

Please log in to add feedback.

Metadata

Type

security

Severity

high

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

3 days

Dates

submitted

a year ago

in testing

a year ago

in stable

12 months ago

modified

a year ago

approved

a year ago

Builds

tigervnc-1.15.0-2.fc42

BZ#2349366 CVE-2025-26598 tigervnc: Out-of-bounds write in CreatePointerBarrierClient() [fedora-all]

BZ#2349369 CVE-2025-26594 tigervnc: Use-after-free of the root cursor [fedora-all]

BZ#2349372 CVE-2025-26596 tigervnc: Heap overflow in XkbWriteKeySyms() [fedora-all]

BZ#2349375 CVE-2025-26595 tigervnc: Buffer overflow in XkbVModMaskText() [fedora-all]

BZ#2349378 CVE-2025-26597 tigervnc: Buffer overflow in XkbChangeTypesOfKey() [fedora-all]

BZ#2349455 CVE-2025-26599 tigervnc: Use of uninitialized pointer in compRedirectWindow() [fedora-all]

BZ#2349460 CVE-2025-26601 tigervnc: Use-after-free in SyncInitTrigger() [fedora-all]

BZ#2349461 CVE-2025-26600 tigervnc: Use-after-free in PlayReleasedEvents() [fedora-all]

tigervnc-1.15.0-2.fc42

Automated Test Results

ignored