Red Hat Product Errata RHSA-2026:20576 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20576 - Security Advisory Overview Updated Packages Synopsis Important: tigervnc security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for tigervnc is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Security Fix(es): xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999) xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000) xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001) xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling (CVE-2026-34002) xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003) TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling BZ - 2451107 - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption BZ - 2451112 - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access BZ - 2452022 - CVE-2026-34352 TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions CVEs CVE-2026-33999 CVE-2026-34000 CVE-2026-34001 CVE-2026-34002 CVE-2026-34003 CVE-2026-34352 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM tigervnc-1.12.0-14.el9_2.14.src.rpm SHA-256: e90fa7859ad699ac11bb901e9cb62adc9e8cd52a82b3fd4283b67827d1879f7e x86_64 tigervnc-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 57763ba8b9b0e278aa8e1b9640f735c0300af68754155c94065d9cfcb8618571 tigervnc-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: b9e2fb81cd3268216012f327380482c598e407b30f6a27581d126513490b9709 tigervnc-debugsource-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 91892bf69529821c5d57f9a75ea20045bed05100d6dbc8851d318750532eebe2 tigervnc-icons-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 0f72ca8a76f8157718699732c88571d5118106d813325b307801654ef05d433f tigervnc-license-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 4f999d473eed31612e4ad73db5abe44a15c8f29b481afcd7bb3d1efea34c16c8 tigervnc-selinux-1.12.0-14.el9_2.14.noarch.rpm SHA-256: d794ef9aa60bf55048e48602e4414c1d940c52431e5b784e9c7ea248bbe84599 tigervnc-server-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 62989af648fd08962c6498a29873f715b53296993fa7f46c106b4e882d38fa47 tigervnc-server-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 29ca059fefb7853f6959546bacbc69df2fb3e8dbf4385c8500a3f58214257f31 tigervnc-server-minimal-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: e681840c984b1ce01dfd06ab0828ad6f1e40e00e7ca342f9e81312f77eeec7cc tigervnc-server-minimal-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 9ccab56229a8746ba847fe0ef77dc78374e5fd3601debd4898ffea8537da7447 tigervnc-server-module-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 7dd27893e12359cea80e946903a2d60fad2d2eeb2133cbc1e370c1ede45f76c6 tigervnc-server-module-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 5081a801026e4260d98e9eacf2fdc24bd00ad73d828db82a699aebb9675eb6d7 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM tigervnc-1.12.0-14.el9_2.14.src.rpm SHA-256: e90fa7859ad699ac11bb901e9cb62adc9e8cd52a82b3fd4283b67827d1879f7e ppc64le tigervnc-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 0b9a38cb222ecfa961c3afd7114c22b9e29ac51ee2c73c58df3c68339816ee21 tigervnc-debuginfo-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: d48e339d5516ec65031fad51b698ba403836ffbf6de43de081ba1a20eadc2d66 tigervnc-debugsource-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 5e5c81f06b25019f55d19231573c1183807a1cbf455d0c3450b7c2887c46cd1a tigervnc-icons-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 0f72ca8a76f8157718699732c88571d5118106d813325b307801654ef05d433f tigervnc-license-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 4f999d473eed31612e4ad73db5abe44a15c8f29b481afcd7bb3d1efea34c16c8 tigervnc-selinux-1.12.0-14.el9_2.14.noarch.rpm SHA-256: d794ef9aa60bf55048e48602e4414c1d940c52431e5b784e9c7ea248bbe84599 tigervnc-server-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 49d775f530c921d869efa0cca8d14c8cac3b22c7c0be75fe9cb1b1b7c298543f tigervnc-server-debuginfo-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 998c7c04da8b0c9c0a77885eeaff43ef75c886144161c6dc66fa8a6cf5fbd8df tigervnc-server-minimal-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 092222c1403032aed87c56117e090bb9deea7a38b7614cfdfa49196064bfe707 tigervnc-server-minimal-debuginfo-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 9f194591790a2d039679206a7bcebe216dfd5d1e4fdf85d2885b71a13e9c6f44 tigervnc-server-module-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: 6c86325a01ff1d32a25d941de040a8b2e583733b1d758477d5c3e8716a2a0c17 tigervnc-server-module-debuginfo-1.12.0-14.el9_2.14.ppc64le.rpm SHA-256: e094e1e74d47ddcc444351a4531c2bfb5b8833eea7a39f65e67e0f2e045b7be1 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM tigervnc-1.12.0-14.el9_2.14.src.rpm SHA-256: e90fa7859ad699ac11bb901e9cb62adc9e8cd52a82b3fd4283b67827d1879f7e x86_64 tigervnc-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 57763ba8b9b0e278aa8e1b9640f735c0300af68754155c94065d9cfcb8618571 tigervnc-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: b9e2fb81cd3268216012f327380482c598e407b30f6a27581d126513490b9709 tigervnc-debugsource-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 91892bf69529821c5d57f9a75ea20045bed05100d6dbc8851d318750532eebe2 tigervnc-icons-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 0f72ca8a76f8157718699732c88571d5118106d813325b307801654ef05d433f tigervnc-license-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 4f999d473eed31612e4ad73db5abe44a15c8f29b481afcd7bb3d1efea34c16c8 tigervnc-selinux-1.12.0-14.el9_2.14.noarch.rpm SHA-256: d794ef9aa60bf55048e48602e4414c1d940c52431e5b784e9c7ea248bbe84599 tigervnc-server-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 62989af648fd08962c6498a29873f715b53296993fa7f46c106b4e882d38fa47 tigervnc-server-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 29ca059fefb7853f6959546bacbc69df2fb3e8dbf4385c8500a3f58214257f31 tigervnc-server-minimal-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: e681840c984b1ce01dfd06ab0828ad6f1e40e00e7ca342f9e81312f77eeec7cc tigervnc-server-minimal-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 9ccab56229a8746ba847fe0ef77dc78374e5fd3601debd4898ffea8537da7447 tigervnc-server-module-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 7dd27893e12359cea80e946903a2d60fad2d2eeb2133cbc1e370c1ede45f76c6 tigervnc-server-module-debuginfo-1.12.0-14.el9_2.14.x86_64.rpm SHA-256: 5081a801026e4260d98e9eacf2fdc24bd00ad73d828db82a699aebb9675eb6d7 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM tigervnc-1.12.0-14.el9_2.14.src.rpm SHA-256: e90fa7859ad699ac11bb901e9cb62adc9e8cd52a82b3fd4283b67827d1879f7e aarch64 tigervnc-1.12.0-14.el9_2.14.aarch64.rpm SHA-256: 59acf0c9f485b1fc8a731e46dc8373c49a740e9a988e0284489fdc41d9cb27ca tigervnc-debuginfo-1.12.0-14.el9_2.14.aarch64.rpm SHA-256: 25c8db7a87519eb242280960558240b4dc86e6b8fbc2d47937a3fd0be218ffcd tigervnc-debugsource-1.12.0-14.el9_2.14.aarch64.rpm SHA-256: f2a755050d593d699a1b654f103f93ad8a76b896ff1b753c4fa3474c3706798c tigervnc-icons-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 0f72ca8a76f8157718699732c88571d5118106d813325b307801654ef05d433f tigervnc-license-1.12.0-14.el9_2.14.noarch.rpm SHA-256: 4f999d473eed31612e4ad73db5abe44a15c8f29b481afcd7bb3d1efea34c16c8 tigervnc-selinux-1.12.