From 8e02c2f3a31f286a9f7ad2f100f0098219bd57de Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 23 Jun 2025 11:48:59 +0200 Subject: [PATCH] Fix CVE-2025-49175: xorg-x11-server: Out-of-Bounds Read in X Rendering Extension Animated Cursors Resolves: RHEL-97284 Fix CVE-2025-49176: xorg-x11-server: Integer Overflow in Big Requests Extension Resolves: RHEL-97303 Fix CVE-2025-49178: xorg-x11-server: Unprocessed Client Request Due to Bytes to Ignore Resolves: RHEL-97379 Fix CVE-2025-49179: xorg-x11-server: Integer overflow in X Record extension Resolves: RHEL-97414 Fix CVE-2025-49180: xorg-x11-server: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension Resolves: RHEL-97429 --- tigervnc.spec | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tigervnc.spec b/tigervnc.spec index c1163e0..717d8d2 100644 --- a/tigervnc.spec +++ b/tigervnc.spec @@ -5,7 +5,7 @@ Name: tigervnc Version: 1.15.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A TigerVNC remote display system %global _hardened_build 1 @@ -398,6 +398,22 @@ fi %ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/%{selinuxtype}/active/modules/200/%{modulename} %changelog +* Mon Jun 23 2025 Jan Grulich - 1.15.0-5 +- Fix CVE-2025-49175: xorg-x11-server: Out-of-Bounds Read in X Rendering Extension Animated Cursors + Resolves: RHEL-97284 + +- Fix CVE-2025-49176: xorg-x11-server: Integer Overflow in Big Requests Extension + Resolves: RHEL-97303 + +- Fix CVE-2025-49178: xorg-x11-server: Unprocessed Client Request Due to Bytes to Ignore + Resolves: RHEL-97379 + +- Fix CVE-2025-49179: xorg-x11-server: Integer overflow in X Record extension + Resolves: RHEL-97414 + +- Fix CVE-2025-49180: xorg-x11-server: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension + Resolves: RHEL-97429 + * Tue May 27 2025 Jan Grulich - 1.15.0-4 - Fix broken authentication with x0vncserver Resolves: RHEL-93573