Explore top 10 tips to secure your open-source projects now. Read More
×New tigervnc packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] tigervnc (SSA:2026-190-01) New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ extra/tigervnc/tigervnc-1.16.2-i586-4_slack15.0.txz: Rebuilt. Recompiled against xorg-server-1.20.14, including patches for security issues: glamor Font Atlas Heap Buffer Overflow. GLX contextTags Use-After-Free in CommonMakeCurrent(). For more information, see: https://lists.x.org/archives/xorg/2026-July/062255.html https://www.cve.org/CVERecord?id=CVE-2026-55999 https://www.cve.org/CVERecord?id=CVE-2026-56000 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/tigervnc/tigervnc-1.16.2-i586-4_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/tigervnc/tigervnc-1.16.2-x86_64-4_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/extra/tigervnc/tigervnc-1.16.2-i686-5.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/extra/tigervnc/tigervnc-1.16.2-x86_64-5.txz MD5 signatures: +-------------+ Slackware 15.0 package: e91b4d85ebcff2b70ba7e40c0a229a6c tigervnc-1.16.2-i586-4_slack15.0.txz Slackware x86_64 15.0 package: 2c7277f1e3e7cd9236880f7ecc6f8f3c tigervnc-1.16.2-x86_64-4_slack15.0.txz Slackware -current package: 3c62c5ea413d4c3117d8a46d1a538591 tigervnc-1.16.2-i686-5.txz Slackware x86_64 -current package: 5800715ba19bff2691bed15edeb3fbbb tigervnc-1.16.2-x86_64-5.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg tigervnc-1.16.2-i586-4_slack15.0.txz +-----+ . Tigervnc packages for Slackware 15.0 and -current updated to address critical security issues and vulnerabilities.. tigervnc packages, slackware security, buffer overflow fix. . Severity: Important. LinuxSecurity.com Team
Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ad10afa9cd 2026-06-27 00:54:50.049697+00:00 -------------------------------------------------------------------------------- Name : tigervnc Product : Fedora 43 Version : 1.16.2 Release : 4.fc43 URL : https://www.tigervnc.com Summary : A TigerVNC remote display system Description : Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264. -------------------------------------------------------------------------------- ChangeLog: * Thu Jun 18 2026 Jan Grulich - 1.16.2-4 - Rebuild (xorg-x11-server) Fixes CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 * Fri Jun 12 2026 Yaakov Selkowitz - 1.16.2-3 - Rebuilt for openssl 4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2476414 - CVE-2026-34002 tigervnc: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476414 [ 2 ] Bug #2476956 - CVE-2026-33999 tigervnc: X.Org X server: Denial of Service via integer underflow inXKB compatibility map handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476956 [ 3 ] Bug #2476958 - CVE-2026-34001 tigervnc: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476958 [ 4 ] Bug #2476965 - CVE-2026-34003 tigervnc: X.Org X server: Information exposure and denial of service via out-of-bounds memory access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2476965 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ad10afa9cd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:29844", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nFor more details aboutthe security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2485380", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485380", "description": ""}, {"ticket": "2485382", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485382", "description": ""}, {"ticket": "2485383", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485383", "description": ""}, {"ticket": "2485384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485384", "description": ""}, {"ticket": "2485385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485385", "description": ""}, {"ticket": "2485386", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485386", "description": ""}, {"ticket": "2485387", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387", "description": ""}, {"ticket": "2485388", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485388", "description": ""}, {"ticket": "2485389", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485389", "description": ""}], "cves": [{"name": "CVE-2026-50256", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50256", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50257", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50257", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50258", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50258", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50259", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50259", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50260", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50260", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50261", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50262", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-125"}, {"name": "CVE-2026-50263", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50263", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-416"}, {"name": "CVE-2026-50264", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50264", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-06-26T12:03:13.137376Z", "rpms": {"Rocky Linux 9": {"nvras": ["tigervnc-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-0:1.15.0-7.el9_8.2.src.rpm", "tigervnc-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm","tigervnc-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-debugsource-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-icons-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-license-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-selinux-0:1.15.0-7.el9_8.2.noarch.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-minimal-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-module-0:1.15.0-7.el9_8.2.x86_64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.ppc64le.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.s390x.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-7.el9_8.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important tigervnc update available for Rocky Linux 9 addressing major security issues. Ensure yoursystems are protected.. Rocky Linux RLSA-2026 tigervnc update buffer overflow. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-29844 http://linux.oracle.com/errata/ELSA-2026-29844.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-icons-1.15.0-7.el9_8.2.noarch.rpm tigervnc-license-1.15.0-7.el9_8.2.noarch.rpm tigervnc-selinux-1.15.0-7.el9_8.2.noarch.rpm tigervnc-server-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-server-minimal-1.15.0-7.el9_8.2.x86_64.rpm tigervnc-server-module-1.15.0-7.el9_8.2.x86_64.rpm aarch64: tigervnc-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-icons-1.15.0-7.el9_8.2.noarch.rpm tigervnc-license-1.15.0-7.el9_8.2.noarch.rpm tigervnc-selinux-1.15.0-7.el9_8.2.noarch.rpm tigervnc-server-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-server-minimal-1.15.0-7.el9_8.2.aarch64.rpm tigervnc-server-module-1.15.0-7.el9_8.2.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/tigervnc-1.15.0-7.el9_8.2.src.rpm Related CVEs: CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 Description of changes: [1.15.0-7.2] - Rebuild for updated xorg-x11-server Resolves: RHEL-184003 _______________________________________________ El-errata mailing list
Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:28923", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nFor more details aboutthe security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2485380", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485380", "description": ""}, {"ticket": "2485382", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485382", "description": ""}, {"ticket": "2485383", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485383", "description": ""}, {"ticket": "2485384", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485384", "description": ""}, {"ticket": "2485385", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485385", "description": ""}, {"ticket": "2485386", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485386", "description": ""}, {"ticket": "2485387", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485387", "description": ""}, {"ticket": "2485388", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485388", "description": ""}, {"ticket": "2485389", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2485389", "description": ""}], "cves": [{"name": "CVE-2026-50256", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50256", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50257", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50257", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50258", "sourceBy": "MITRE", "sourceLink":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50258", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50259", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50259", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-121"}, {"name": "CVE-2026-50260", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50260", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50261", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50261", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-416"}, {"name": "CVE-2026-50262", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50262", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-125"}, {"name": "CVE-2026-50263", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50263", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "cvss3BaseScore": "5.5", "cwe": "CWE-416"}, {"name": "CVE-2026-50264", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50264", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-06-25T06:00:31.266414Z", "rpms": {"Rocky Linux 8": {"nvras": ["tigervnc-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-0:1.15.0-10.el8_10.src.rpm", "tigervnc-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-debuginfo-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-debuginfo-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-debugsource-0:1.15.0-10.el8_10.aarch64.rpm","tigervnc-debugsource-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-icons-0:1.15.0-10.el8_10.noarch.rpm", "tigervnc-license-0:1.15.0-10.el8_10.noarch.rpm", "tigervnc-selinux-0:1.15.0-10.el8_10.noarch.rpm", "tigervnc-server-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-server-debuginfo-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-debuginfo-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-server-minimal-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-minimal-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-server-module-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-module-0:1.15.0-10.el8_10.x86_64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-10.el8_10.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-10.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update available for important tigervnc security issues affecting Rocky Linux, with multiple CVEs and a focus on VNC functionality.. tigervnc security update,Rocky Linux security advisory,buffer overflow fixes,VNC remote access vulnerabilities. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-28923 http://linux.oracle.com/errata/ELSA-2026-28923.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.15.0-10.el8_10.x86_64.rpm tigervnc-icons-1.15.0-10.el8_10.noarch.rpm tigervnc-license-1.15.0-10.el8_10.noarch.rpm tigervnc-selinux-1.15.0-10.el8_10.noarch.rpm tigervnc-server-1.15.0-10.el8_10.x86_64.rpm tigervnc-server-minimal-1.15.0-10.el8_10.x86_64.rpm tigervnc-server-module-1.15.0-10.el8_10.x86_64.rpm aarch64: tigervnc-1.15.0-10.el8_10.aarch64.rpm tigervnc-icons-1.15.0-10.el8_10.noarch.rpm tigervnc-license-1.15.0-10.el8_10.noarch.rpm tigervnc-selinux-1.15.0-10.el8_10.noarch.rpm tigervnc-server-1.15.0-10.el8_10.aarch64.rpm tigervnc-server-minimal-1.15.0-10.el8_10.aarch64.rpm tigervnc-server-module-1.15.0-10.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/tigervnc-1.15.0-10.el8_10.src.rpm Related CVEs: CVE-2026-50256 CVE-2026-50257 CVE-2026-50258 CVE-2026-50259 CVE-2026-50260 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264 Description of changes: [1.15.0-10] - Rebuild for updated xorg-x11-server Resolves: RHEL-183998 _______________________________________________ El-errata mailing list
Important: tigervnc security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:13414", "synopsis": "Important: tigervnc security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for tigervnc.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.\n\nSecurity Fix(es):\n\n* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)\n\n* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)\n\n* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)\n\n* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2451106", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451106", "description": ""}, {"ticket": "2451109", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451109", "description": ""}, {"ticket": "2451113", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2451113", "description": ""}, {"ticket": "2452022", "sourceBy": "Red Hat", "sourceLink":"https://bugzilla.redhat.com/show_bug.cgi?id=2452022", "description": ""}], "cves": [{"name": "CVE-2026-33999", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33999", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-191"}, {"name": "CVE-2026-34001", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34001", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-825"}, {"name": "CVE-2026-34003", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34003", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-125"}, {"name": "CVE-2026-34352", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34352", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "cvss3BaseScore": "6.3", "cwe": "CWE-279"}], "references": [], "publishedAt": "2026-05-07T06:00:59.922786Z", "rpms": {"Rocky Linux 8": {"nvras": ["tigervnc-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-0:1.15.0-9.el8_10.src.rpm", "tigervnc-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-debuginfo-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-debuginfo-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-debugsource-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-debugsource-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-icons-0:1.15.0-9.el8_10.noarch.rpm", "tigervnc-license-0:1.15.0-9.el8_10.noarch.rpm", "tigervnc-selinux-0:1.15.0-9.el8_10.noarch.rpm", "tigervnc-server-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-server-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-server-debuginfo-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-server-debuginfo-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-server-minimal-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-server-minimal-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-server-minimal-debuginfo-0:1.15.0-9.el8_10.aarch64.rpm","tigervnc-server-minimal-debuginfo-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-server-module-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-server-module-0:1.15.0-9.el8_10.x86_64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-9.el8_10.aarch64.rpm", "tigervnc-server-module-debuginfo-0:1.15.0-9.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Update addressing important security issues in TigerVNC for Rocky Linux, including several fixes for denial of service threats.. rocky linux tigervnc update security important. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-13414 http://linux.oracle.com/errata/ELSA-2026-13414.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: tigervnc-1.15.0-9.el8_10.x86_64.rpm tigervnc-icons-1.15.0-9.el8_10.noarch.rpm tigervnc-license-1.15.0-9.el8_10.noarch.rpm tigervnc-selinux-1.15.0-9.el8_10.noarch.rpm tigervnc-server-1.15.0-9.el8_10.x86_64.rpm tigervnc-server-minimal-1.15.0-9.el8_10.x86_64.rpm tigervnc-server-module-1.15.0-9.el8_10.x86_64.rpm aarch64: tigervnc-1.15.0-9.el8_10.aarch64.rpm tigervnc-icons-1.15.0-9.el8_10.noarch.rpm tigervnc-license-1.15.0-9.el8_10.noarch.rpm tigervnc-selinux-1.15.0-9.el8_10.noarch.rpm tigervnc-server-1.15.0-9.el8_10.aarch64.rpm tigervnc-server-minimal-1.15.0-9.el8_10.aarch64.rpm tigervnc-server-module-1.15.0-9.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/tigervnc-1.15.0-9.el8_10.src.rpm Related CVEs: CVE-2026-33999 CVE-2026-34001 CVE-2026-34003 CVE-2026-34352 Description of changes: [1.15.0-9] - Fix CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003 xorg-x11-server: various XKB and XSYNC vulnerabilities Resolves: RHEL-163203 Resolves: RHEL-163271 Resolves: RHEL-163257 - Fix CVE-2026-34352 Resolves: RHEL-167760 _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.