Red Hat Product Errata RHSA-2026:22424 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22424 - Security Advisory Overview Updated Packages Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999) xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000) xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001) xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling (CVE-2026-34002) xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003) TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling BZ - 2451107 - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption BZ - 2451112 - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access BZ - 2452022 - CVE-2026-34352 TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions CVEs CVE-2026-33999 CVE-2026-34000 CVE-2026-34001 CVE-2026-34002 CVE-2026-34003 CVE-2026-34352 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM tigervnc-1.14.1-10.el9_6.src.rpm SHA-256: 05e5125dbc5326f2fe9f37fe01ba8213993da0ff95a970b0571bfea75fb335df x86_64 tigervnc-1.14.1-10.el9_6.x86_64.rpm SHA-256: bac8eb46e7e033d3806c2a46c95233c37ccb7c0652252c285d5e3d1a9cc7a969 tigervnc-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: a223059b877b6b37785cf57d3736e79410469cc228ce9d761bffd9abbc2f5aa0 tigervnc-debugsource-1.14.1-10.el9_6.x86_64.rpm SHA-256: b1ce5d72c8e2d5290bcd319256fa267cf18d9758f6fc9928707d0048663d33b0 tigervnc-icons-1.14.1-10.el9_6.noarch.rpm SHA-256: 5c010253291f29982efb63329afac232484e659f282efe3ca8474b7c92d22f68 tigervnc-license-1.14.1-10.el9_6.noarch.rpm SHA-256: ab9241702199c82e7216fc309769f60711084ff00c88c70b640532ea61360103 tigervnc-selinux-1.14.1-10.el9_6.noarch.rpm SHA-256: c2930a00822a8d15b00f099767f5ebdc342405c80619c472e617fb6a90b56d79 tigervnc-server-1.14.1-10.el9_6.x86_64.rpm SHA-256: d3cfd95366c620e4f420078ae3095d328176a6a65ca21ccb7b3ab930b74e448f tigervnc-server-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: 52e1730c81b3871c6c1ffec3d68bad6634fd5be08777479549c164382d74b121 tigervnc-server-minimal-1.14.1-10.el9_6.x86_64.rpm SHA-256: 5366bcffd60cd9782eee467b1965380008686f7da5dfba337febdd3d5fe49857 tigervnc-server-minimal-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: fc5571fd575f10f28eb3b79bc09cabd3422567cdf12d0475996b18c909d867c3 tigervnc-server-module-1.14.1-10.el9_6.x86_64.rpm SHA-256: fdd0f4bad3593b81352fde2756321343a357b402d89b7154e0a728e48ab66412 tigervnc-server-module-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: 0e1bc8180c00d483b979d484ac4927dfa2de0555ec3fe93ab3690913d4484c3f Red Hat Enterprise Linux Server - AUS 9.6 SRPM tigervnc-1.14.1-10.el9_6.src.rpm SHA-256: 05e5125dbc5326f2fe9f37fe01ba8213993da0ff95a970b0571bfea75fb335df x86_64 tigervnc-1.14.1-10.el9_6.x86_64.rpm SHA-256: bac8eb46e7e033d3806c2a46c95233c37ccb7c0652252c285d5e3d1a9cc7a969 tigervnc-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: a223059b877b6b37785cf57d3736e79410469cc228ce9d761bffd9abbc2f5aa0 tigervnc-debugsource-1.14.1-10.el9_6.x86_64.rpm SHA-256: b1ce5d72c8e2d5290bcd319256fa267cf18d9758f6fc9928707d0048663d33b0 tigervnc-icons-1.14.1-10.el9_6.noarch.rpm SHA-256: 5c010253291f29982efb63329afac232484e659f282efe3ca8474b7c92d22f68 tigervnc-license-1.14.1-10.el9_6.noarch.rpm SHA-256: ab9241702199c82e7216fc309769f60711084ff00c88c70b640532ea61360103 tigervnc-selinux-1.14.1-10.el9_6.noarch.rpm SHA-256: c2930a00822a8d15b00f099767f5ebdc342405c80619c472e617fb6a90b56d79 tigervnc-server-1.14.1-10.el9_6.x86_64.rpm SHA-256: d3cfd95366c620e4f420078ae3095d328176a6a65ca21ccb7b3ab930b74e448f tigervnc-server-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: 52e1730c81b3871c6c1ffec3d68bad6634fd5be08777479549c164382d74b121 tigervnc-server-minimal-1.14.1-10.el9_6.x86_64.rpm SHA-256: 5366bcffd60cd9782eee467b1965380008686f7da5dfba337febdd3d5fe49857 tigervnc-server-minimal-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: fc5571fd575f10f28eb3b79bc09cabd3422567cdf12d0475996b18c909d867c3 tigervnc-server-module-1.14.1-10.el9_6.x86_64.rpm SHA-256: fdd0f4bad3593b81352fde2756321343a357b402d89b7154e0a728e48ab66412 tigervnc-server-module-debuginfo-1.14.1-10.el9_6.x86_64.rpm SHA-256: 0e1bc8180c00d483b979d484ac4927dfa2de0555ec3fe93ab3690913d4484c3f Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM tigervnc-1.14.1-10.el9_6.src.rpm SHA-256: 05e5125dbc5326f2fe9f37fe01ba8213993da0ff95a970b0571bfea75fb335df s390x tigervnc-1.14.1-10.el9_6.s390x.rpm SHA-256: 76cf464414303e3efa29328f96c841170c7f4ef617f6546bb2c9127d77f214dd tigervnc-debuginfo-1.14.1-10.el9_6.s390x.rpm SHA-256: 565be70ba06732419fb940895cca71aaffd08f473d88358f1a6f1decb1528ab9 tigervnc-debugsource-1.14.1-10.el9_6.s390x.rpm SHA-256: 24d3afe55177af03e70a78ed4a5f46efde2f8e352ceac993783ca2e059ed8972 tigervnc-icons-1.14.1-10.el9_6.noarch.rpm SHA-256: 5c010253291f29982efb63329afac232484e659f282efe3ca8474b7c92d22f68 tigervnc-license-1.14.1-10.el9_6.noarch.rpm SHA-256: ab9241702199c82e7216fc309769f60711084ff00c88c70b640532ea61360103 tigervnc-selinux-1.14.1-10.el9_6.noarch.rpm SHA-256: c2930a00822a8d15b00f099767f5ebdc342405c80619c472e617fb6a90b56d79 tigervnc-server-1.14.1-10.el9_6.s390x.rpm SHA-256: 661ac3ec5b2613a0ba1a36a095099e82a5b9079822e479aa1b727e0790a38ae6 tigervnc-server-debuginfo-1.14.1-10.el9_6.s390x.rpm SHA-256: 64778de81df0a93a6dd2f11ad120a9a062b7d45e95f18753793b7cd7fd95efb1 tigervnc-server-minimal-1.14.1-10.el9_6.s390x.rpm SHA-256: e8c62f8c8b35fe1681f08e80c1f942bde9f4bb0a1efc70ef91678df76e476bca tigervnc-server-minimal-debuginfo-1.14.1-10.el9_6.s390x.rpm SHA-256: b3684a83fb13a9a958292eedbee5b081221b685dadd6af1f9448a7424c2aca82 tigervnc-server-module-1.14.1-10.el9_6.s390x.rpm SHA-256: 32c6a86c4c49697d4357ec78fcd7ec260f3eed617ad67df413048351c64ee0c9 tigervnc-server-module-debuginfo-1.14.1-10.el9_6.s390x.rpm SHA-256: 6697ccb73ac43741e18cc91ba8c2042ea9b08e6a2a380bbeb263bedefcbc4fed Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM tigervnc-1.14.1-10.el9_6.src.rpm SHA-256: 05e5125dbc5326f2fe9f37fe01ba8213993da0ff95a970b0571bfea75fb335df ppc64le tigervnc-1.14.1-10.el9_6.ppc64le.rpm SHA-256: d07300b6f392a0fe9714cbc455294e010431a7c1f9ac70a4c0bf3877e2b0a2c8 tigervnc-debuginfo-1.14.1-10.el9_6.ppc64le.rpm SHA-256: e7d4920615862726b67aa01544a39ca4601e7bf434b96a0d48ada266c04f9235 tigervnc-debugsource-1.14.1-10.el9_6.ppc64le.rpm SHA-256: 2ca496528ecbc51c6b1fc6d32235b56c272faa35f0e09e9eb336a5a1fb3420ba tigervnc-icons-1.14.1-10.el9_6.noarch.rpm SHA-256: 5c010253291f29982efb63329afac232484e659f282efe3ca8474b7c92d