Critical Vulnerabilities in Tigervnc Affect Oracle and Rocky Linux Users

Recent updates for Tigervnc have addressed multiple critical vulnerabilities affecting Oracle Linux 9 and Rocky Linux 8. The vulnerabilities include CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, and CVE-2026-34003, which were published between April and May 2026. These vulnerabilities can lead to remote access issues and potential exploitation of systems. Oracle Linux 9 users are urged to update to version 1.15.0-7.1, while Rocky Linux 8 users should upgrade to version 1.15.0-10. The updates include fixes for various XKB and XSYNC vulnerabilities, use-after-free issues, and integer overflows. The CVSS scores for these vulnerabilities indicate a high severity, emphasizing the need for immediate action. Administrators are advised to apply these updates promptly to mitigate risks.

Key Points: • Multiple critical vulnerabilities in Tigervnc affect Oracle and Rocky Linux systems. • Affected CVEs include CVE-2026-33999, CVE-2026-34000, and others with high CVSS scores. • Immediate updates are recommended for both Oracle Linux 9 and Rocky Linux 8 users.