ELSA-2025-2861

Описание

[1.8.0-33.0.5]

• Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor [Orabug: 37712725]
• Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText()
• Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms()
• Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey()
• Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient()
• Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow()
• Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents()
• Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger()

[1.8.0-33.0.3]

• xorg-x11-server: xkb: Fix buffer overflow in _XkbSetCompatMap() [CVE-2024-9632][Orabug: 37295822]

[1.8.0-33.0.1]

• Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch, xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch, xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch, xorg-CVE-2024-31080.patch, xorg-CVE-2024-31081.patch, xorg-CVE-2024-31082.patch, xorg-CVE-2024-31083.patch, xorg-CVE-2024-31083-followup.patch

[1.8.0-33]

• Fix crash caused by fix for CVE-2024-31083 Resolves: RHEL-30976

[1.8.0-32]

• Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents Resolves: RHEL-31006
• Fix CVE-2024-31083 tigervnc: xorg-x11-server: User-after-free in ProcRenderAddGlyphs Resolves: RHEL-30976
• Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice Resolves: RHEL-30993

[1.8.0-31]

• Fix use after free related to CVE-2024-21886 Resolves: RHEL-20436
• Fix copy/paste error in the DeviceStateNotify Resolves: RHEL-20587

[1.8.0-30]

• Don't try to get pointer position when the pointer becomes a floating device Resolves: RHEL-20436

[1.8.0-29]

• Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice Resolves: RHEL-20436
• Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent Resolves: RHEL-20427
• Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access Resolves: RHEL-20587
• Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer Resolves: RHEL-21212

[1.8.0-28]

• Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415

[1.8.0-27]

• Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions Resolves: RHEL-18415
• CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty Resolves: RHEL-18427

[1.8.0-26]

• Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow Resolves: RHEL-15235
• Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty Resolves: RHEL-15223

[1.8.0-25]

• CVE fix for: CVE-2023-1393 Resolves: bz#2180291

[1.8.0-24]

• CVE fix for: CVE-2023-0494 Resolves: bz#2166532

[1.8.0-23]

• Rebuild for xorg-x11-server CVEs Resolves: CVE-2022-4283 (bz#2154267) Resolves: CVE-2022-46340 (bz#2154261) Resolves: CVE-2022-46341 (bz#2154264) Resolves: CVE-2022-46342 (bz#2154262) Resolves: CVE-2022-46343 (bz#2154265) Resolves: CVE-2022-46344 (bz#2154266)

[1.8.0-22]

• Region handling refresh Resolves: bz#1753158

[1.8.0-21]

• Add upstream patch needed because of previous security fixes Resolves: bz#1826822

[1.8.0-20]

• Fix stack buffer overflow in CMsgReader::readSetCursor Resolves: bz#1791773

• Fix heap buffer overflow in DecodeManager::decodeRect Resolves: bz#1791768

• Fix heap buffer overflow in TightDecoder::FilterGradient Resolves: bz#1791763

• Fix heap-based buffer overflow triggered from CopyRectDecoder Resolves: bz#1791747

• Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder Resolves: bz#1791759

• Add option to fallback to empty port when the specified one is taken Resolves: bz#1791996

[1.8.0-19]

• Use vncserver wrapper script to workaround systemd issues Resolves: bz#1747191

[1.8.0-18]

• Rebuild against newer X server to pick up backing store crash fixes Resolves: bz#1670342

[1.8.0-17]

• Release pointer grab when cursor leaves window Resolves: bz#1664801

[1.8.0-16]

• Automatically kill session only when gnome or kde is installed Resolves: bz#1646889

[1.8.0-15]

• Reduce size of context menu hint Resolves: bz#1491608

[1.8.0-14]

• Fix rendering on big endian system Resolves: bz#1618777

  Do not automatically kill sessions Resolves: bz#1646889

[1.8.0-13]

• Add one remaining option to Xvnc manpage Resolves: bz#1601880

[1.8.0-12]

• Add missing options to Xvnc manpage Resolves: bz#1601880

[1.8.0-11]

• Properly kill session after user logs out Resolves: bz#1259757

[1.8.0-10]

• Check endianness when constructing platform pixel buffer Resolves: bz#1613264

[1.8.0-9]

• Use current server time for XUngrabPointer and XUngrabKeyboard Resolves: bz#1605325

[1.8.0-8]

• Ignore fake focus events from XGrabKeyboard() Resolves: bz#1602855

[1.8.0-7] Properly support Xorg 1.20 Resolves: bz#1564061

[1.8.0-6]

• Kill session after user logs out Resolves: bz#1259757

  Build against Xorg 1.20 Resolves: bz#1564061

[1.8.0-5]

• Fix broken scrolling Resolves: bz#1499018

[1.8.0-4]

• Properly initialize tigervnc when started as systemd service Resolves: bz#1506273

[1.8.0-3]

• Make TLS work on FIPS systems Resolves: bz#1492107

[1.8.0-2]

• Let user know that view-only password will not be used Resolves: bz#1447555

[1.8.0-1]

• Update to 1.8.0 Resolves: bz#1388620

[1.7.90-2]

• Make RandR callbacks optional Resolves: bz#1444948

[1.7.90-1]

• Update to 1.7.90 Resolves: bz#1388620

[1.7.1-3]

• Delete underlying ssecurity in SSecurityVeNCrypt [CCVE-2017-7392] Resolves: bz#1439127 Prevent double free by crafted fences [CVE-2017-7393] Resolves: bz#1439134

[1.7.1-2]

• Be more restrictive with shared memory mode bits Resolves: bz#1152552 Limit max username/password size in SSecurityPlain [CVE-2017-7394] Resolves: bz#1438737 Fix crash from integer overflow in SMsgReader::readClientCutText [CVE-2017-7395] Resolves: bz#1438742

[1.7.1-1]

• Update to 1.7.1 Resolves: bz#1388620 Resolves: bz#1343899 Resolves: bz#1410164 Resolves: bz#1415547 Resolves: bz#1418945 Resolves: bz#1416290 Resolves: bz#1342956
• Fix shared memory leakage Resolves: bz#1358090
• Added systemd unit file for xvnc Resolves: bz#1393971

[1.3.1-9]

• Force DT_RUNPATH to point to Mesa's libGL Resolves: bz#1326867

[1.3.1-8]

• Make other security types work Resolves: bz#1341969

[1.3.1-7]

• Restore default behaviour to listen on TCP Resolves: bz#1304646

[1.3.1-6]

• Do not fail to bind a network socket Resolves: bz#1332575
• Do not die when port is already taken Resolves: bz#1322155

[1.3.1-5]

• Update comments in vncserver configuration file example Resolves: bz#1295275

[1.3.1-4]

• Do not crash when using -inetd option Resolves: bz#1283925

[1.3.1-3]

• Do not mention that display number is required in the file name Resolves: bz#1195266

[1.3.1-2]

• Resolves: bz#1248422 CVE-2014-8240 CVE-2014-8241 tigervnc: various flaws

[1.3.1-1]

• Drop unecessary patches
• Re-base to 1.3.1 (bug #1199453)
• Re-build against re-based xserver (bug #1194898)
• Check the return value from XShmAttach (bug #1072733)
• Add missing part of xserver114.patch (bug #1140603)
• Keep pointer in sync (bug #1100661)
• Make input device class global (bug #1119640)
• Add IPv6 support (bug #1162722)
• Set initial mode as prefered (bug #1181287)
• Do not mention that display number is required in the file name (bug #1195266)
• Enable Xinerama extension (bug #1199437)
• Specify full path for runuser command (bug #1208817)

[1.2.80-0.31.20130314svn5065]

• Rebuilt against xorg-x11-server to pick up ppc64le fix (bug #1140424).

[1.2.80-0.30.20130314svn5065]

• Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928).

[1.2.80-0.29.20130314svn5065]

• Previous patch was not applied.

[1.2.80-0.28.20130314svn5065]

• Clearer xstartup file (bug #923655).

[1.2.80-0.27.20130314svn5065]

• Use keyboard input code from tigervnc-1.3.0 (bug #1053536).

[1.2.80-0.26.20130314svn5065]

• Mass rebuild 2014-01-24

[1.2.80-0.25.20130314svn5065]

• Fixed viewer crash when cursor has not been set (bug #1051333).

[1.2.80-0.24.20130314svn5065]

• Mass rebuild 2013-12-27

[1.2.80-0.23.20130314svn5065]

• Avoid invalid read when ZRLE connection closed (bug #1039926).

[1.2.80-0.22.20130314svn5065]

• Fixed GLX initialisation (bug #1039126).

[1.2.80-0.21.20130314svn5065]

• Better fix for PIDFile problem (bug #1031625).

[1.2.80-0.20.20130314svn5065]

• Rebuild against xserver 1.15RC1

[1.2.80-0.18.20130314svn5065]

• Avoid PIDFile problems in systemd unit file (bug #983232).
• Don't use shebang in vncserver script.

[1.2.80-0.18.20130314svn5065]

• Removed systemd_requires macro in order to fix the build.

[1.2.80-0.17.20130314svn5065]

• Synchronise manpages and --help output (bug #980870).

[1.2.80-0.16.20130314svn5065]

• tigervnc-setcursor-crash.patch: Attempt to paper over a crash in Xvnc when setting the cursor.

[1.2.80-0.15.20130314svn5065]

• bump to rebuild and pick up bugfix causing X to crash on ppc and arm

[1.2.80-0.14.20130314svn5065]

• Use systemd rpm macros (bug #850340). Moved systemd requirements from main package to server sub-package.
• Applied Debian patch to fix busy loop when run from inetd in nowait mode (bug #920373).
• Added dependency on xorg-x11-xinit to server sub-package so that default window manager can be found (bug #896284, bug #923655).
• Fixed bogus changelog date.

[1.2.80-0.13.20130314svn5065]

• Less RHEL customization

[1.2.80-0.12.20130314svn5065]

• include /etc/X11/xorg.conf.d/10-libvnc.conf sample configuration (#712482)
• vncserver now honors specified -geometry parameter (#755947)

[1.2.80-0.11.20130307svn5060]

• update to r5060
• split icons to separate package to avoid multilib issues

[1.2.80-0.10.20130219svn5047]

• update to r5047 (X.Org 1.14 support)

[1.2.80-0.9.20121126svn5015]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[1.2.80-0.8.20121126svn5015]

• rebuild due to 'jpeg8-ABI' feature drop

[1.2.80-0.7.20121126svn5015]

• rebuild

[1.2.80-0.6.20121126svn5015]

• rebuild against new fltk

[1.2.80-0.5.20121126svn5015]

• update to r5015
• build with -fpic instead of -fPIC on all archs except s390/sparc

[1.2.80-0.4.20120905svn4996]

• Build with -fPIC to fix FTBFS on ARM

[1.2.80-0.3.20120905svn4996]

• tigervnc12-xorg113-glx.patch: Fix to only init glx on the first server generation

[1.2.80-0.2.20120905svn4996]

• tigervnc12-xorg113-glx.patch: Re-enable GLX against xserver 1.13

[1.2.80-0.1.20120905svn4996]

• update to 1.2.80
• remove deprecated patches
  • tigervnc-102434.patch
  • tigervnc-viewer-reparent.patch
  • tigervnc11-java7.patch
• patches merged
  • tigervnc11-xorg111.patch
  • tigervnc11-xorg112.patch

[1.1.0-10]

• fix build against newer X server

[1.1.0-9]

• Build with the Composite extension for feature parity with other X servers

[1.1.0-8]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[1.1.0-7]

• fix building against X.org 1.13

[1.1.0-6]

• RHEL exclusion for -server-module on ppc* too

[1.1.0-5]

• clean Xvnc's /tmp environment in service file before startup
• fix building against the latest JAVA 7 and X.Org 1.12

[1.1.0-4]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[1.1.0-3]

• don't build X.Org devel docs (#755782)
• applet: BR generic java-devel instead of java-gcj-devel (#755783)
• use runuser to start Xvnc in systemd service file (#754259)
• don't attepmt to restart Xvnc session during update/erase (#753216)

[1.1.0-2]

• libvnc.so: don't use unexported GetMaster function (#744881)
• remove nasm buildreq

[1.1.0-1]

• update to 1.1.0
• update the xorg11 patch
• patches merged
  • tigervnc11-glx.patch
  • tigervnc11-CVE-2011-1775.patch
  • 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch

[1.0.90-6]

• add systemd service file and remove legacy SysV initscript (#717227)

[1.0.90-5]

• make Xvnc buildable against X.Org 1.11

[1.0.90-4]

• viewer can send password without proper validation of X.509 certs (CVE-2011-1775)

[1.0.90-3]

• fix wrong usage of memcpy which caused screen artifacts (#652590)
• don't point to inaccessible link in sysconfig/vncservers (#644975)

[1.0.90-2]

• improve compatibility with vinagre client (#692048)

[1.0.90-1]

• update to 1.0.90

[1.0.90-0.32.20110117svn4237]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[1.0.90-0.31.20110117svn4237]

• fix libvnc.so module loading

[1.0.90-0.30.20110117svn4237]

• update to r4237
• patches merged
  • tigervnc11-optionsdialog.patch
  • tigervnc11-rh607866.patch

[1.0.90-0.29.20101208svn4225]

• improve patch for keyboard issues

[1.0.90-0.28.20101208svn4225]

• attempt to fix various keyboard-related issues (key repeating etc)

[1.0.90-0.27.20101208svn4225]

• render 'Ok' and 'Cancel' buttons in the options dialog correctly

[1.0.90-0.26.20101208svn4225]

• added vncserver lock file (#662784)

[1.0.90-0.25.20101208svn4225]

• update to r4225
• patches merged
  • tigervnc11-rh611677.patch
  • tigervnc11-rh633931.patch
  • tigervnc11-xorg1.10.patch
• enable VeNCrypt and PAM support

[1.0.90-0.24.20100813svn4123]

• rebuild against xserver 1.10.X
• 0001-Return-Success-from-generate_modkeymap-when-max_keys.patch merged

• Wed Sep 29 2010 jkeating - 1.0.90-0.23.20100813svn4123

• Rebuilt for gcc bug 634757

[1.0.90-0.22.20100420svn4030]

• drop xorg-x11-fonts-misc dependency (#636170)

[1.0.90-0.21.20100420svn4030]

• improve patch for #633645 (fix tcsh incompatibilities)

[1.0.90-0.20.20100813svn4123]

• press fake modifiers correctly (#633931)
• supress unneeded debug information emitted from initscript (#633645)

[1.0.90-0.19.20100813svn4123]

• separate Xvnc, vncpasswd and vncconfig to -server-minimal subpkg (#626946)
• move license to separate subpkg and Requires it from main subpkgs
• Xvnc: handle situations when no modifiers exist well (#611677)

[1.0.90-0.18.20100813svn4123]

• update to r4123 (#617973)
• add perl requires to -server subpkg (#619791)

[1.0.90-0.17.20100721svn4113]

• update to r4113
• patches merged
  • tigervnc11-rh586406.patch
  • tigervnc11-libvnc.patch
  • tigervnc11-rh597172.patch
  • tigervnc11-rh600070.patch
  • tigervnc11-options.patch
• don't own %{_datadir}/icons directory (#614301)
• minor improvements in the .desktop file (#616340)
• bundled libjpeg configure requires nasm; is executed even if system-wide libjpeg is used

[1.0.90-0.16.20100420svn4030]

• build against system-wide libjpeg-turbo (#494458)
• build no longer requires nasm

[1.0.90-0.15.20100420svn4030]

• vncserver: accept <+optname> option when specified as the first one

[1.0.90-0.14.20100420svn4030]

• fix memory leak in Xvnc input code (#597172)
• don't crash when receive negative encoding (#600070)
• explicitly disable udev configuration support
• add gettext-autopoint to BR

[1.0.90-0.13.20100420svn4030]

• update URL about SSH tunneling in the sysconfig file (#601996)

[1.0.90-0.12.20100420svn4030]

• use newer gettext
• autopoint now uses git instead of cvs, adjust BuildRequires appropriately

[1.0.90-0.11.20100420svn4030]

• link libvnc.so 'now' to catch 'undefined symbol' errors during Xorg startup
• use always XkbConvertCase instead of XConvertCase (#580159, #586406)
• don't link libvnc.so against libXi.la, libdix.la and libxkb.la; use symbols from Xorg instead

[1.0.90-0.10.20100420svn4030]

• update to r4030 snapshot
• patches merged to upstream
  • tigervnc11-rh522369.patch
  • tigervnc11-rh551262.patch
  • tigervnc11-r4002.patch
  • tigervnc11-r4014.patch

[1.0.90-0.9.20100219svn3993]

• add server-applet subpackage which contains Java vncviewer applet
• fix Java applet; it didn't work when run from web browser
• add xorg-x11-xkb-utils to server Requires

[1.0.90-0.8.20100219svn3993]

• add French translation to vncviewer.desktop (thanks to Alain Portal)

[1.0.90-0.7.20100219svn3993]

• don't crash during pixel format change (#522369, #551262)

[1.0.90-0.6.20100219svn3993]

• add mesa-dri-drivers and xkeyboard-config to -server Requires
• update to r3993 1.0.90 snapshot
  • tigervnc11-noexecstack.patch merged
  • tigervnc11-xorg18.patch merged
  • xserver18.patch is no longer needed

[1.0.90-0.5.20091221svn3929]

• initscript LSB compliance fixes (#523974)

[1.0.90-0.4.20091221svn3929]

• mark stack as non-executable in jpeg ASM code
• add xorg-x11-xauth to Requires
• add support for X.Org 1.8
• drop shave sources, they are no longer needed

[1.0.90-0.3.20091221svn3929]

• drop tigervnc-xorg25909.patch, it has been merged to X.Org upstream

[1.0.90-0.2.20091221svn3929]

• add patch for upstream X.Org issue #25909
• add libXdmcp-devel to build requires to build Xvnc with XDMCP support (#552322)

[1.0.90-0.1.20091221svn3929]

• update to 1.0.90 snapshot
• patches merged
  • tigervnc10-compat.patch
  • tigervnc10-rh510185.patch
  • tigervnc10-rh524340.patch
  • tigervnc10-rh516274.patch

[1.0.0-3]

• create Xvnc keyboard mapping before first keypress (#516274)

[1.0.0-2]

• update underlying X source to 1.6.4-0.3.fc11
• remove bogus '-nohttpd' parameter from /etc/sysconfig/vncservers (#525629)
• initscript LSB compliance fixes (#523974)
• improve -LowColorSwitch documentation and handling (#510185)
• honor dotWhenNoCursor option (and it's changes) every time (#524340)

[1.0.0-1]

• update to 1.0.0
• tigervnc10-rh495457.patch merged to upstream

[0.0.91-0.17]

• fix ifnarch s390x for server-module

[0.0.91-0.16]

• rebuilt with new openssl

[0.0.91-0.15]

• make Xvnc compilable

[0.0.91-0.14.1]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.0.91-0.13.1]

• don't write warning when initscript is called with condrestart param (#508367)

[0.0.91-0.13]

• temporary use F11 Xserver base to make Xvnc compilable
• BuildRequires: libXi-devel
• don't ship tigervnc-server-module on s390/s390x

[0.0.91-0.12]

• fix local rendering of cursor (#495457)

[0.0.91-0.11]

• update to 0.0.91 (1.0.0 RC1)
• patches merged
  • tigervnc10-rh499401.patch
  • tigervnc10-rh497592.patch
  • tigervnc10-rh501832.patch
• after discusion in upstream drop tigervnc-bounds.patch
• configure flags cleanup

[0.0.90-0.10]

• rebuild against 1.6.1.901 X server (#497835)
• disable i18n, vncviewer is not UTF-8 compatible (#501832)

[0.0.90-0.9]

• fix vncpasswd crash on long passwords (#499401)
• start session dbus daemon correctly (#497592)

[0.0.90-0.8.1]

• remove merged tigervnc-manminor.patch

[0.0.90-0.8]

• update to 0.0.90

[0.0.90-0.7.20090427svn3789]

• server package now requires xorg-x11-fonts-misc (#498184)

[0.0.90-0.6.20090427svn3789]

• update to r3789
  • tigervnc-rh494801.patch merged
• tigervnc-newfbsize.patch is no longer needed
• fix problems when vncviewer and Xvnc run on different endianess (#496653)
• UltraVNC and TightVNC clients work fine again (#496786)

[0.0.90-0.5.20090403svn3751]

• workaround broken fontpath handling in vncserver script (#494801)

[0.0.90-0.4.20090403svn3751]

• update to r3751
• patches merged
  • tigervnc-xclients.patch
  • tigervnc-clipboard.patch
  • tigervnc-rh212985.patch
• basic RandR support in Xvnc (resize of the desktop)
• use built-in libjpeg (SSE2/MMX accelerated encoding on x86 platform)
• use Tight encoding by default
• use TigerVNC icons

[0.0.90-0.3.20090303svn3631]

• update to r3631

[0.0.90-0.2.20090302svn3621]

• package review related fixes

[0.0.90-0.1.20090302svn3621]

• initial package, r3621