ELSA-2025-2861 Important: Oracle Linux 7 tigervnc security update
ELSA-2025-20190 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2025-3421 Important: Oracle Linux 8 freetype security update
ELSA-2025-2673 Important: Oracle Linux 7 libxml2 security update
ELSA-2025-3388 Important: Oracle Linux 8 python-jinja2 security update
ELBA-2025-3022 Oracle Linux 9 kernel bug fix update
ELSA-2025-2501 Important: Oracle Linux 7 kernel security update
ELSA-2025-20190 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELBA-2025-20193 Oracle Linux 7 shim-signed bug fix update
ELSA-2025-3408 Important: Oracle Linux 9 libreoffice security update
ELBA-2025-20200 Oracle Linux 8 btrfs-progs bug fix update
ELBA-2025-3270 Oracle Linux 8 scap-security-guide bug fix and enhancement update
ELSA-2025-3406 Important: Oracle Linux 9 python-jinja2 security update
ELSA-2025-3113 Important: Oracle Linux 9 fence-agents security update
ELSA-2025-3107 Important: Oracle Linux 9 libxslt security update
ELBA-2025-3394 Oracle Linux 9 tzdata bug fix and enhancement update
ELSA-2025-2130 Important: Oracle Linux 7 emacs security update
ELSA-2025-3344 Important: Oracle Linux 9 grafana security update
ELSA-2025-2861 Important: Oracle Linux 7 tigervnc security update
Oracle Linux Security Advisory ELSA-2025-2861
http://linux.oracle.com/errata/ELSA-2025-2861.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
tigervnc-1.8.0-33.0.5.el7_9.x86_64.rpm
tigervnc-icons-1.8.0-33.0.5.el7_9.noarch.rpm
tigervnc-license-1.8.0-33.0.5.el7_9.noarch.rpm
tigervnc-server-1.8.0-33.0.5.el7_9.x86_64.rpm
tigervnc-server-applet-1.8.0-33.0.5.el7_9.noarch.rpm
tigervnc-server-minimal-1.8.0-33.0.5.el7_9.x86_64.rpm
tigervnc-server-module-1.8.0-33.0.5.el7_9.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//tigervnc-1.8.0-33.0.5.el7_9.src.rpm
Related CVEs:
CVE-2025-26594
CVE-2025-26595
CVE-2025-26596
CVE-2025-26597
CVE-2025-26598
CVE-2025-26599
CVE-2025-26600
CVE-2025-26601
Description of changes:
[1.8.0-33.0.5]
- Fix CVE-2025-26594 xorg-x11-server Use-after-free of the root cursor [Orabug: 37712725]
- Fix CVE-2025-26595 xorg-x11-server Buffer overflow in XkbVModMaskText()
- Fix CVE-2025-26596 xorg-x11-server Heap overflow in XkbWriteKeySyms()
- Fix CVE-2025-26597 xorg-x11-server Buffer overflow in XkbChangeTypesOfKey()
- Fix CVE-2025-26598 xorg-x11-server Out-of-bounds write in CreatePointerBarrierClient()
- Fix CVE-2025-26599 xorg-x11-server Use of uninitialized pointer in compRedirectWindow()
- Fix CVE-2025-26600 xorg-x11-server Use-after-free in PlayReleasedEvents()
- Fix CVE-2025-26601 xorg-x11-server Use-after-free in SyncInitTrigger()
[1.8.0-33.0.3]
- xorg-x11-server: xkb: Fix buffer overflow in _XkbSetCompatMap() [CVE-2024-9632][Orabug: 37295822]
[1.8.0-33.0.1]
- Dropped xorg-CVE-2023-5367.patch, xorg-CVE-2023-6816.patch, xorg-CVE-2023-6377.patch, xorg-CVE-2023-6478.patch,
xorg-CVE-2024-0229-1.patch, xorg-CVE-2024-0229-2.patch, xorg-CVE-2024-0229-3.patch, xorg-CVE-2024-21885.patch,
xorg-CVE-2024-21886-1.patch, xorg-CVE-2024-21886-2.patch, xorg-dix-fix-use-after-free-in-input-device-shutdown.patch,
xorg-CVE-2024-31080.patch, xorg-CVE-2024-31081.patch, xorg-CVE-2024-31082.patch, xorg-CVE-2024-31083.patch,
xorg-CVE-2024-31083-followup.patch
[1.8.0-33]
- Fix crash caused by fix for CVE-2024-31083
Resolves: RHEL-30976
[1.8.0-32]
- Fix CVE-2024-31080 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
Resolves: RHEL-31006
- Fix CVE-2024-31083 tigervnc: xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
Resolves: RHEL-30976
- Fix CVE-2024-31081 tigervnc: xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice
Resolves: RHEL-30993
[1.8.0-31]
- Fix use after free related to CVE-2024-21886
Resolves: RHEL-20436
- Fix copy/paste error in the DeviceStateNotify
Resolves: RHEL-20587
[1.8.0-30]
- Don't try to get pointer position when the pointer becomes a floating device
Resolves: RHEL-20436
[1.8.0-29]
- Fix CVE-2024-21886 tigervnc: xorg-x11-server: heap buffer overflow in DisableDevice
Resolves: RHEL-20436
- Fix CVE-2024-21885 tigervnc: xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
Resolves: RHEL-20427
- Fix CVE-2024-0229 tigervnc: xorg-x11-server: reattaching to different master device may lead to out-of-bounds memory access
Resolves: RHEL-20587
- Fix CVE-2023-6816 tigervnc: xorg-x11-server: Heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer
Resolves: RHEL-21212
[1.8.0-28]
- Updated fix for CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
[1.8.0-27]
- Fix CVE-2023-6377 tigervnc: xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions
Resolves: RHEL-18415
- CVE-2023-6478 tigervnc: xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty
Resolves: RHEL-18427
[1.8.0-26]
- Fix CVE-2023-5380 tigervnc: xorg-x11-server: Use-after-free bug in DestroyWindow
Resolves: RHEL-15235
- Fix CVE-2023-5367 tigervnc: xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty
Resolves: RHEL-15223
[1.8.0-25]
- CVE fix for: CVE-2023-1393
Resolves: bz#2180291
[1.8.0-24]
- CVE fix for: CVE-2023-0494
Resolves: bz#2166532
[1.8.0-23]
- Rebuild for xorg-x11-server CVEs
Resolves: CVE-2022-4283 (bz#2154267)
Resolves: CVE-2022-46340 (bz#2154261)
Resolves: CVE-2022-46341 (bz#2154264)
Resolves: CVE-2022-46342 (bz#2154262)
Resolves: CVE-2022-46343 (bz#2154265)
Resolves: CVE-2022-46344 (bz#2154266)
[1.8.0-22]
- Region handling refresh
Resolves: bz#1753158
[1.8.0-21]
- Add upstream patch needed because of previous security fixes
Resolves: bz#1826822
[1.8.0-20]
- Fix stack buffer overflow in CMsgReader::readSetCursor
Resolves: bz#1791773
- Fix heap buffer overflow in DecodeManager::decodeRect
Resolves: bz#1791768
- Fix heap buffer overflow in TightDecoder::FilterGradient
Resolves: bz#1791763
- Fix heap-based buffer overflow triggered from CopyRectDecoder
Resolves: bz#1791747
- Fix stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder
Resolves: bz#1791759
- Add option to fallback to empty port when the specified one is taken
Resolves: bz#1791996
[1.8.0-19]
- Use vncserver wrapper script to workaround systemd issues
Resolves: bz#1747191
[1.8.0-18]
- Rebuild against newer X server to pick up backing store crash fixes
Resolves: bz#1670342
[1.8.0-17]
- Release pointer grab when cursor leaves window
Resolves: bz#1664801
[1.8.0-16]
- Automatically kill session only when gnome or kde is installed
Resolves: bz#1646889
[1.8.0-15]
- Reduce size of context menu hint
Resolves: bz#1491608
[1.8.0-14]
- Fix rendering on big endian system
Resolves: bz#1618777
- Do not automatically kill sessions
Resolves: bz#1646889
[1.8.0-13]
- Add one remaining option to Xvnc manpage
Resolves: bz#1601880
[1.8.0-12]
- Add missing options to Xvnc manpage
Resolves: bz#1601880
[1.8.0-11]
- Properly kill session after user logs out
Resolves: bz#1259757
[1.8.0-10]
- Check endianness when constructing platform pixel buffer
Resolves: bz#1613264
[1.8.0-9]
- Use current server time for XUngrabPointer and XUngrabKeyboard
Resolves: bz#1605325
[1.8.0-8]
- Ignore fake focus events from XGrabKeyboard()
Resolves: bz#1602855
[1.8.0-7]
- Properly support Xorg 1.20
Resolves: bz#1564061
[1.8.0-6]
- Kill session after user logs out
Resolves: bz#1259757
- Build against Xorg 1.20
Resolves: bz#1564061
[1.8.0-5]
- Fix broken scrolling
Resolves: bz#1499018
[1.8.0-4]
- Properly initialize tigervnc when started as systemd service
Resolves: bz#1506273
[1.8.0-3]
- Make TLS work on FIPS systems
Resolves: bz#1492107
[1.8.0-2]
- Let user know that view-only password will not be used
Resolves: bz#1447555
[1.8.0-1]
- Update to 1.8.0
Resolves: bz#1388620
[1.7.90-2]
- Make RandR callbacks optional
Resolves: bz#1444948
[1.7.90-1]
- Update to 1.7.90
Resolves: bz#1388620
[1.7.1-3]
- Delete underlying ssecurity in SSecurityVeNCrypt [CVE-2017-7392]
Resolves: bz#1439127
- Prevent double free by crafted fences [CVE-2017-7393]
Resolves: bz#1439134
[1.7.1-2]
- Be more restrictive with shared memory mode bits
Resolves: bz#1152552
- Limit max username/password size in SSecurityPlain [CVE-2017-7394]
Resolves: bz#1438737
- Fix crash from integer overflow in SMsgReader::readClientCutText [CVE-2017-7395]
Resolves: bz#1438742
[1.7.1-1]
- Update to 1.7.1
Resolves: bz#1388620
Resolves: bz#1343899
Resolves: bz#1410164
Resolves: bz#1415547
Resolves: bz#1418945
Resolves: bz#1416290
Resolves: bz#1342956
- Fix shared memory leakage
Resolves: bz#1358090
- Added systemd unit file for xvnc
Resolves: bz#1393971
[1.3.1-9]
- Force DT_RUNPATH to point to Mesa's libGL
Resolves: bz#1326867
[1.3.1-8]
- Make other security types work
Resolves: bz#1341969
[1.3.1-7]
- Restore default behaviour to listen on TCP
Resolves: bz#1304646
[1.3.1-6]
- Do not fail to bind a network socket
Resolves: bz#1332575
- Do not die when port is already taken
Resolves: bz#1322155
[1.3.1-5]
- Update comments in vncserver configuration file example
Resolves: bz#1295275
[1.3.1-4]
- Do not crash when using -inetd option
Resolves: bz#1283925
[1.3.1-3]
- Do not mention that display number is required in the file name
Resolves: bz#1195266
[1.3.1-2]
- Resolves: bz#1248422
CVE-2014-8240 CVE-2014-8241 tigervnc: various flaws
[1.3.1-1]
- Drop unnecessary patches
- Re-base to 1.3.1 (bug #1199453)
- Re-build against re-based xserver (bug #1194898)
- Check the return value from XShmAttach (bug #1072733)
- Add missing part of xserver114.patch (bug #1140603)
- Keep pointer in sync (bug #1100661)
- Make input device class global (bug #1119640)
- Add IPv6 support (bug #1162722)
- Set initial mode as preferred (bug #1181287)
- Do not mention that display number is required in the file name (bug #1195266)
- Enable Xinerama extension (bug #1199437)
- Specify full path for runuser command (bug #1208817)
[1.2.80-0.31.20130314svn5065]
- Rebuilt against xorg-x11-server to pick up ppc64le fix (bug #1140424).
[1.2.80-0.30.20130314svn5065]
- Fixed heap-based buffer overflow (CVE-2014-0011, bug #1050928).
[1.2.80-0.29.20130314svn5065]
- Previous patch was not applied.
[1.2.80-0.28.20130314svn5065]
- Clearer xstartup file (bug #923655).
[1.2.80-0.27.20130314svn5065]
- Use keyboard input code from tigervnc-1.3.0 (bug #1053536).
[1.2.80-0.26.20130314svn5065]
- Mass rebuild 2014-01-24
[1.2.80-0.25.20130314svn5065]
- Fixed viewer crash when cursor has not been set (bug #1051333).
[1.2.80-0.24.20130314svn5065]
- Mass rebuild 2013-12-27
[1.2.80-0.23.20130314svn5065]
- Avoid invalid read when ZRLE connection closed (bug #1039926).
[1.2.80-0.22.20130314svn5065]
- Fixed GLX initialisation (bug #1039126).
[1.2.80-0.21.20130314svn5065]
- Better fix for PIDFile problem (bug #1031625).
[1.2.80-0.20.20130314svn5065]
- Rebuild against xserver 1.15RC1
[1.2.80-0.18.20130314svn5065]
- Avoid PIDFile problems in systemd unit file (bug #983232).
- Don't use shebang in vncserver script.
[1.2.80-0.18.20130314svn5065]
- Removed systemd_requires macro in order to fix the build.
[1.2.80-0.17.20130314svn5065]
- Synchronise manpages and --help output (bug #980870).
[1.2.80-0.16.20130314svn5065]
- tigervnc-setcursor-crash.patch: Attempt to paper over a crash in Xvnc when
setting the cursor.
[1.2.80-0.15.20130314svn5065]
- bump to rebuild and pick up bugfix causing X to crash on ppc and arm
[1.2.80-0.14.20130314svn5065]
- Use systemd rpm macros (bug #850340). Moved systemd requirements
from main package to server sub-package.
- Applied Debian patch to fix busy loop when run from inetd in nowait
mode (bug #920373).
- Added dependency on xorg-x11-xinit to server sub-package so that
default window manager can be found (bug #896284, bug #923655).
- Fixed bogus changelog date.
[1.2.80-0.13.20130314svn5065]
- Less RHEL customization
[1.2.80-0.12.20130314svn5065]
- include /etc/X11/xorg.conf.d/10-libvnc.conf sample configuration (#712482)
- vncserver now honors specified -geometry parameter (#755947)
[1.2.80-0.11.20130307svn5060]
- update to r5060
- split icons to separate package to avoid multilib issues
[1.2.80-0.10.20130219svn5047]
- update to r5047 (X.Org 1.14 support)
[1.2.80-0.9.20121126svn5015]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
[1.2.80-0.8.20121126svn5015]
- rebuild due to "jpeg8-ABI" feature drop
[1.2.80-0.7.20121126svn5015]
- rebuild
[1.2.80-0.6.20121126svn5015]
- rebuild against new fltk
[1.2.80-0.5.20121126svn5015]
- update to r5015
- build with -fpic instead of -fPIC on all archs except s390/sparc
[1.2.80-0.4.20120905svn4996]
- Build with -fPIC to fix FTBFS on ARM
[1.2.80-0.3.20120905svn4996]
- tigervnc12-xorg113-glx.patch: Fix to only init glx on the first server
generation
[1.2.80-0.2.20120905svn4996]
- tigervnc12-xorg113-glx.patch: Re-enable GLX against xserver 1.13
[1.2.80-0.1.20120905svn4996]
- update to 1.2.80
- remove deprecated patches
- tigervnc-102434.patch
- tigervnc-viewer-reparent.patch
- tigervnc11-java7.patch
- patches merged
- tigervnc11-xorg111.patch
- tigervnc11-xorg112.patch
[1.1.0-10]
- fix build against newer X server
[1.1.0-9]
- Build with the Composite extension for feature parity with other X servers
[1.1.0-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[1.1.0-7]
- fix building against X.org 1.13
[1.1.0-6]
- RHEL exclusion for -server-module on ppc* too
[1.1.0-5]
- clean Xvnc's /tmp environment in service file before startup
- fix building against the latest JAVA 7 and X.Org 1.12
[1.1.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
[1.1.0-3]
- don't build X.Org devel docs (#755782)
- applet: BR generic java-devel instead of java-gcj-devel (#755783)
- use runuser to start Xvnc in systemd service file (#754259)
- don't attempt to restart Xvnc session during update/erase (#753216)
[1.1.0-2]
- libvnc.so: don't use unexported GetMaster function (#744881)
- remove nasm buildreq
[1.1.0-1]
- update to 1.1.0
- update the xorg11 patch
- patches merged
- tigervnc11-glx.patch
- tigervnc11-CVE-2011-1775.patch
- 0001-Use-memmove-instead-of-memcpy-in-fbblt.c-when-memory.patch
[1.0.90-6]
- add systemd service file and remove legacy SysV initscript (#717227)
[1.0.90-5]
- make Xvnc buildable against X.Org 1.11
[1.0.90-4]
- viewer can send password without proper validation of X.509 certs
(CVE-2011-1775)
[1.0.90-3]
- fix wrong usage of memcpy which caused screen artifacts (#652590)
- don't point to inaccessible link in sysconfig/vncservers (#644975)
[1.0.90-2]
- improve compatibility with vinagre client (#692048)
[1.0.90-1]
- update to 1.0.90
[1.0.90-0.32.20110117svn4237]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
[1.0.90-0.31.20110117svn4237]
- fix libvnc.so module loading
[1.0.90-0.30.20110117svn4237]
- update to r4237
- patches merged
- tigervnc11-optionsdialog.patch
- tigervnc11-rh607866.patch
[1.0.90-0.29.20101208svn4225]
- improve patch for keyboard issues
[1.0.90-0.28.20101208svn4225]
- attempt to fix various keyboard-related issues (key repeating etc)
[1.0.90-0.27.20101208svn4225]
- render "Ok" and "Cancel" buttons in the options dialog correctly
[1.0.90-0.26.20101208svn4225]
- added vncserver lock file (#662784)
[1.0.90-0.25.20101208svn4225]
- update to r4225
- patches merged
- tigervnc11-rh611677.patch
- tigervnc11-rh633931.patch
- tigervnc11-xorg1.10.patch
- enable VeNCrypt and PAM support
[1.0.90-0.24.20100813svn4123]
- rebuild against xserver 1.10.X
- 0001-Return-Success-from-generate_modkeymap-when-max_keys.patch merged
* Wed Sep 29 2010 jkeating - 1.0.90-0.23.20100813svn4123
- Rebuilt for gcc bug 634757
[1.0.90-0.22.20100420svn4030]
- drop xorg-x11-fonts-misc dependency (#636170)
[1.0.90-0.21.20100420svn4030]
- improve patch for #633645 (fix tcsh incompatibilities)
[1.0.90-0.20.20100813svn4123]
- press fake modifiers correctly (#633931)
- suppress unneeded debug information emitted from initscript (#633645)
[1.0.90-0.19.20100813svn4123]
- separate Xvnc, vncpasswd and vncconfig to -server-minimal subpkg (#626946)
- move license to separate subpkg and Requires it from main subpkgs
- Xvnc: handle situations when no modifiers exist well (#611677)
[1.0.90-0.18.20100813svn4123]
- update to r4123 (#617973)
- add perl requires to -server subpkg (#619791)
[1.0.90-0.17.20100721svn4113]
- update to r4113
- patches merged
- tigervnc11-rh586406.patch
- tigervnc11-libvnc.patch
- tigervnc11-rh597172.patch
- tigervnc11-rh600070.patch
- tigervnc11-options.patch
- don't own %{_datadir}/icons directory (#614301)
- minor improvements in the .desktop file (#616340)
- bundled libjpeg configure requires nasm; is executed even if system-wide
libjpeg is used
[1.0.90-0.16.20100420svn4030]
- build against system-wide libjpeg-turbo (#494458)
- build no longer requires nasm
[1.0.90-0.15.20100420svn4030]
- vncserver: accept option when specified as the first one
[1.0.90-0.14.20100420svn4030]
- fix memory leak in Xvnc input code (#597172)
- don't crash when receive negative encoding (#600070)
- explicitly disable udev configuration support
- add gettext-autopoint to BR
[1.0.90-0.13.20100420svn4030]
- update URL about SSH tunneling in the sysconfig file (#601996)
[1.0.90-0.12.20100420svn4030]
- use newer gettext
- autopoint now uses git instead of cvs, adjust BuildRequires appropriately
[1.0.90-0.11.20100420svn4030]
- link libvnc.so "now" to catch "undefined symbol" errors during Xorg startup
- use always XkbConvertCase instead of XConvertCase (#580159, #586406)
- don't link libvnc.so against libXi.la, libdix.la and libxkb.la; use symbols
from Xorg instead
[1.0.90-0.10.20100420svn4030]
- update to r4030 snapshot
- patches merged to upstream
- tigervnc11-rh522369.patch
- tigervnc11-rh551262.patch
- tigervnc11-r4002.patch
- tigervnc11-r4014.patch
[1.0.90-0.9.20100219svn3993]
- add server-applet subpackage which contains Java vncviewer applet
- fix Java applet; it didn't work when run from web browser
- add xorg-x11-xkb-utils to server Requires
[1.0.90-0.8.20100219svn3993]
- add French translation to vncviewer.desktop (thanks to Alain Portal)
[1.0.90-0.7.20100219svn3993]
- don't crash during pixel format change (#522369, #551262)
[1.0.90-0.6.20100219svn3993]
- add mesa-dri-drivers and xkeyboard-config to -server Requires
- update to r3993 1.0.90 snapshot
- tigervnc11-noexecstack.patch merged
- tigervnc11-xorg18.patch merged
- xserver18.patch is no longer needed
[1.0.90-0.5.20091221svn3929]
- initscript LSB compliance fixes (#523974)
[1.0.90-0.4.20091221svn3929]
- mark stack as non-executable in jpeg ASM code
- add xorg-x11-xauth to Requires
- add support for X.Org 1.8
- drop shave sources, they are no longer needed
[1.0.90-0.3.20091221svn3929]
- drop tigervnc-xorg25909.patch, it has been merged to X.Org upstream
[1.0.90-0.2.20091221svn3929]
- add patch for upstream X.Org issue #25909
- add libXdmcp-devel to build requires to build Xvnc with XDMCP support (#552322)
[1.0.90-0.1.20091221svn3929]
- update to 1.0.90 snapshot
- patches merged
- tigervnc10-compat.patch
- tigervnc10-rh510185.patch
- tigervnc10-rh524340.patch
- tigervnc10-rh516274.patch
[1.0.0-3]
- create Xvnc keyboard mapping before first keypress (#516274)
[1.0.0-2]
- update underlying X source to 1.6.4-0.3.fc11
- remove bogus '-nohttpd' parameter from /etc/sysconfig/vncservers (#525629)
- initscript LSB compliance fixes (#523974)
- improve -LowColorSwitch documentation and handling (#510185)
- honor dotWhenNoCursor option (and its changes) every time (#524340)
[1.0.0-1]
- update to 1.0.0
- tigervnc10-rh495457.patch merged to upstream
[0.0.91-0.17]
- fix ifnarch s390x for server-module
[0.0.91-0.16]
- rebuilt with new openssl
[0.0.91-0.15]
- make Xvnc compilable
[0.0.91-0.14.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[0.0.91-0.13.1]
- don't write warning when initscript is called with condrestart param (#508367)
[0.0.91-0.13]
- temporary use F11 Xserver base to make Xvnc compilable
- BuildRequires: libXi-devel
- don't ship tigervnc-server-module on s390/s390x
[0.0.91-0.12]
- fix local rendering of cursor (#495457)
[0.0.91-0.11]
- update to 0.0.91 (1.0.0 RC1)
- patches merged
- tigervnc10-rh499401.patch
- tigervnc10-rh497592.patch
- tigervnc10-rh501832.patch
- after discussion in upstream drop tigervnc-bounds.patch
- configure flags cleanup
[0.0.90-0.10]
- rebuild against 1.6.1.901 X server (#497835)
- disable i18n, vncviewer is not UTF-8 compatible (#501832)
[0.0.90-0.9]
- fix vncpasswd crash on long passwords (#499401)
- start session dbus daemon correctly (#497592)
[0.0.90-0.8.1]
- remove merged tigervnc-manminor.patch
[0.0.90-0.8]
- update to 0.0.90
[0.0.90-0.7.20090427svn3789]
- server package now requires xorg-x11-fonts-misc (#498184)
[0.0.90-0.6.20090427svn3789]
- update to r3789
- tigervnc-rh494801.patch merged
- tigervnc-newfbsize.patch is no longer needed
- fix problems when vncviewer and Xvnc run on different endianness (#496653)
- UltraVNC and TightVNC clients work fine again (#496786)
[0.0.90-0.5.20090403svn3751]
- workaround broken fontpath handling in vncserver script (#494801)
[0.0.90-0.4.20090403svn3751]
- update to r3751
- patches merged
- tigervnc-xclients.patch
- tigervnc-clipboard.patch
- tigervnc-rh212985.patch
- basic RandR support in Xvnc (resize of the desktop)
- use built-in libjpeg (SSE2/MMX accelerated encoding on x86 platform)
- use Tight encoding by default
- use TigerVNC icons
[0.0.90-0.3.20090303svn3631]
- update to r3631
[0.0.90-0.2.20090302svn3621]
- package review related fixes
[0.0.90-0.1.20090302svn3621]
- initial package, r3621
ELSA-2025-20190 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2025-20190
http://linux.oracle.com/errata/ELSA-2025-20190.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.341.3.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.341.3.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.3.el8uek.src.rpm
Related CVEs:
CVE-2024-39494
CVE-2024-57892
Description of changes:
[5.4.17-2136.341.3.3.el8uek]
- ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 37727037] {CVE-2024-39494}
[5.4.17-2136.341.3.2.el8uek]
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37707634] {CVE-2024-57892}
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi) [Orabug: 37707634]
ELSA-2025-3421 Important: Oracle Linux 8 freetype security update
Oracle Linux Security Advisory ELSA-2025-3421
http://linux.oracle.com/errata/ELSA-2025-3421.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
freetype-2.9.1-10.el8_10.i686.rpm
freetype-2.9.1-10.el8_10.x86_64.rpm
freetype-devel-2.9.1-10.el8_10.i686.rpm
freetype-devel-2.9.1-10.el8_10.x86_64.rpm
aarch64:
freetype-2.9.1-10.el8_10.aarch64.rpm
freetype-devel-2.9.1-10.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//freetype-2.9.1-10.el8_10.src.rpm
Related CVEs:
CVE-2025-27363
Description of changes:
[2.9.1-10]
- Fix CVE-2025-27363 Out-of-bounds Write
- Resolves: RHEL-83094
ELSA-2025-2673 Important: Oracle Linux 7 libxml2 security update
Oracle Linux Security Advisory ELSA-2025-2673
http://linux.oracle.com/errata/ELSA-2025-2673.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxml2-2.9.1-6.0.5.el7_9.6.i686.rpm
libxml2-2.9.1-6.0.5.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.0.5.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.0.5.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.0.5.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.0.5.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.0.5.el7_9.6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//libxml2-2.9.1-6.0.5.el7_9.6.src.rpm
Related CVEs:
CVE-2024-56171
CVE-2025-24928
Description of changes:
[2.9.1-6.0.5]
- Fix CVE-2024-56171 [Orabug: 37694105]
- Fix CVE-2025-24928 [Orabug: 37694105]
[2.9.1-6.0.3]
- Rebuild to include attribution logo [Orabug: 33024216]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.9.1-6.6]
- Fix CVE-2016-4658 (#1966916)
[2.9.1-6.5]
- Fix CVE-2019-19956 (#1793000)
- Fix CVE-2019-20388 (#1810057)
- Fix CVE-2020-7595 (#1810073)
- Fix xsd:any schema validation (#1812145)
[2.9.1-6.4]
- Fix CVE-2015-8035 (#1595697)
- Fix CVE-2018-14404 (#1602817)
- Fix CVE-2017-15412 (#1729857)
- Fix CVE-2016-5131 (#1714050)
- Fix CVE-2017-18258 (#1579211)
- Fix CVE-2018-1456 (#1622715)
[libxml2-2.9.1-6.3]
- Heap-based buffer overread in xmlNextChar (CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat ( https://bugzilla.gnome.org/show_bug.cgi?id=763071) (CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in xmlFAParsePosCharGroup ( https://bugzilla.gnome.org/show_bug.cgi?id=757711) (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in xmlParserPrintFileContextInternal ( https://bugzilla.gnome.org/show_bug.cgi?id=758588) (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in xmlDictAddString ( https://bugzilla.gnome.org/show_bug.cgi?id=758605) (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey ( https://bugzilla.gnome.org/show_bug.cgi?id=759398) (CVE-2016-1836)
- Fix inappropriate fetch of entities content (CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and htmlParseSystemiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs (CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName (CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar (CVE-2016-1833)
- Add missing increments of recursion depth counter to XML parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string vulnerability (CVE-2016-4448)
[2.9.1-6.2]
- Fix a series of CVEs (rhbz#1286496)
- CVE-2015-7941 Stop parsing on entities boundaries errors
- CVE-2015-7941 Cleanup conditional section error handling
- CVE-2015-8317 Fail parsing early on if encoding conversion failed
- CVE-2015-7942 Another variation of overflow in Conditional sections
- CVE-2015-7942 Fix an error in previous Conditional section patch
- Fix parsing short unclosed comment uninitialized access
- CVE-2015-7498 Avoid processing entities after encoding conversion failures
- CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
- CVE-2015-5312 Another entity expansion issue
- CVE-2015-7499 Add xmlHaltParser() to stop the parser
- CVE-2015-7499 Detect incoherency on GROW
- CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
- CVE-2015-8242 Buffer overread with HTML parser in push mode
- CVE-2015-1819 Enforce the reader to run in constant memory
[2.9.1-6]
- Fix missing entities after CVE-2014-3660 fix
- CVE-2014-0191 Do not fetch external parameter entities (rhbz#1195650)
- Fix regressions introduced by CVE-2014-0191 patch
[2.9.1-5.1]
- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)
[2.9.1-5]
- Mass rebuild 2014-01-24
[2.9.1-4]
- rebuild to activate -O3 on ppc64 rhbz#1051068
[2.9.1-3]
- Mass rebuild 2013-12-27
[2.9.1-2]
- Fix a regression in xmlGetDocCompressMode() rhbz#963716
[2.9.1-1]
- upstream release of 2.9.1
- a couple more API entry points
- compatibility with python3
- a lot of bug fixes
[2.9.0-4]
- fix --nocheck build which I broke in october rhbz#909767
[2.9.0-3]
- workaround for crc/len check failure, rhbz#877567
[2.9.0-2]
- remaining cleanups from merge bug rhbz#226079
- do not put the docs in the main package, only in -devel rhbz#864731
[2.9.0-1]
- upstream release of 2.9.0
- A few new API entry points
- More resilient push parser mode
- A lot of portability improvements
- Faster XPath evaluation
- a lot of bug fixes and smaller improvements
[2.9.0-0rc1]
- upstream release candidate 1 of 2.9.0
- introduce a small API change, but ABI compatible, see
https://mail.gnome.org/archives/xml/2012-August/msg00005.html
patches for php, gcc/libjava and evolution-data-connector are upstream
Grab me in cases of problems veillard@redhat.com
- many bug fixes including security aspects and small improvements
[2.8.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
[2.8.0-1]
- upstream release of 2.8.0
- add lzma compression support
- many bug fixes and small improvements
[2.7.8-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
[2.7.8-6]
- fix a double free in XPath CVE-2010-4494 bug 665965
[2.7.8-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
[2.7.8-4]
- reactivate shared libs versioning script
[2.7.8-1]
- Upstream release of 2.7.8
- various bug fixes, including potential crashes
- new non-destructive formatting option
- date parsing updated to RFC 5646
[2.7.7-2]
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
[2.7.7-1]
- Upstream release of 2.7.7
- fix serious trouble with zlib >= 1.2.4
- xmllint new option --xpath
- various HTML parser improvements
- includes a number of bug fixes
[2.7.6-1]
- Upstream release of 2.7.6
- restore thread support off by default in 2.7.5
[2.7.5-1]
- Upstream release of 2.7.5
- fix a couple of Relax-NG validation problems
- couple more fixes
[2.7.4-2]
- fix a problem with little data at startup affecting inkscape #523002
[2.7.4-1]
- upstream release 2.7.4
- symbol versioning of libxml2 shared libs
- very large number of bug fixes
[2.7.3-4]
- two patches for parsing problems CVE-2009-2414 and CVE-2009-2416
[2.7.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
[2.7.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
[2.7.3-1]
- new release 2.7.3
- limit default max size of text nodes
- special parser mode for PHP
- bug fixes and more compiler checks
[2.7.2-7]
- Pull back into Python 2.6
[2.7.2-6]
- AutoProvides requires BuildRequires pkgconfig
[2.7.2-5]
- rebuild to get provides(libxml-2.0) into HEAD rawhide
[2.7.2-4]
- Rebuild for pkgconfig logic
[2.7.2-3]
- Rebuild for Python 2.6
[2.7.2-2.fc11]
- two patches for size overflows problems CVE-2008-4225 and CVE-2008-4226
[2.7.2-1.fc10]
- new release 2.7.2
- Fixes the known problems in 2.7.1
- increase the set of options when saving documents
[2.7.1-2.fc10]
- fix a nasty bug in 2.7.x, http://bugzilla.gnome.org/show_bug.cgi?id=554660
[2.7.1-1.fc10]
- fix python serialization which was broken in 2.7.0
- Resolve: rhbz#460774
[2.7.0-1.fc10]
- upstream release of 2.7.0
- switch to XML 1.0 5th edition
- switch to RFC 3986 for URI parsing
- better entity handling
- option to remove hardcoded limitations in the parser
- more testing
- a new API to allocate entity nodes
- and a lot of fixes and cleanups
[2.6.32-4.fc10]
- fix for entities recursion problem
- Resolve: rhbz#459714
[2.6.32-3.fc10]
- cleanup based on Fedora packaging guidelines, should fix #226079
- separate a -static package
[2.6.32-2.fc10]
- try to fix multiarch problems like #440206
[2.6.32-1.fc9]
- upstream release 2.6.32 see http://xmlsoft.org/news.html
- many bugs fixed upstream
[2.6.31-2]
- Autorebuild for GCC 4.3
[2.6.31-1.fc9]
- upstream release 2.6.31 see http://xmlsoft.org/news.html
- many bugs fixed upstream
[2.6.30-1]
- upstream release 2.6.30 see http://xmlsoft.org/news.html
- many bugs fixed upstream
[2.6.29-1]
- upstream release 2.6.29 see http://xmlsoft.org/news.html
- many bugs fixed upstream
[2.6.28-2]
- Bump revision to fix N-V-R problem
[2.6.28-1]
- upstream release 2.6.28 see http://xmlsoft.org/news.html
- many bugs fixed upstream
[2.6.27-2]
- rebuild against python 2.5
[2.6.27-1]
- upstream release 2.6.27 see http://xmlsoft.org/news.html
- very large amount of bug fixes reported upstream
[2.6.26-2.1.1]
- rebuild
[2.6.26-2.1]
- rebuild
[2.6.26-2]
- fix bug #192873
[2.6.26-1]
- upstream release 2.6.26 see http://xmlsoft.org/news.html
* Tue Jun 06 2006 Daniel Veillard [veillard@redhat.com]
- upstream release 2.6.25 broken, do not ship !
ELSA-2025-3388 Important: Oracle Linux 8 python-jinja2 security update
Oracle Linux Security Advisory ELSA-2025-3388
http://linux.oracle.com/errata/ELSA-2025-3388.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
python3-jinja2-2.10.1-7.el8_10.noarch.rpm
aarch64:
python3-jinja2-2.10.1-7.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//python-jinja2-2.10.1-7.el8_10.src.rpm
Related CVEs:
CVE-2025-27516
Description of changes:
[2.10.1-7]
- Security fix for CVE-2025-27516
Resolves: RHEL-85066
ELBA-2025-3022 Oracle Linux 9 kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-3022
http://linux.oracle.com/errata/ELBA-2025-3022.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-7.4.0-503.33.1.el9_5.x86_64.rpm
kernel-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.33.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.33.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.33.1.el9_5.x86_64.rpm
perf-5.14.0-503.33.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.33.1.el9_5.x86_64.rpm
rtla-5.14.0-503.33.1.el9_5.x86_64.rpm
rv-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.33.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.33.1.el9_5.x86_64.rpm
libperf-5.14.0-503.33.1.el9_5.x86_64.rpm
aarch64:
bpftool-7.4.0-503.33.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.33.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.33.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.33.1.el9_5.aarch64.rpm
perf-5.14.0-503.33.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.33.1.el9_5.aarch64.rpm
rtla-5.14.0-503.33.1.el9_5.aarch64.rpm
rv-5.14.0-503.33.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.33.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.33.1.el9_5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.33.1.el9_5.src.rpm
Description of changes:
- [5.14.0-503.33.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64