ALAS2023-2026-1626

References: CVE-2026-33999  CVE-2026-34000  CVE-2026-34001  CVE-2026-34002  CVE-2026-34003 
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

XKB Integer Underflow in XkbSetCompatMap() (CVE-2026-33999)

XKB Out-of-bounds Read in CheckSetGeom() (CVE-2026-34000)

XSYNC Use-after-free in miSyncTriggerFence() (CVE-2026-34001)

XKB Out-of-bounds read in CheckModifierMap() (CVE-2026-34002)

XKB Buffer overflow in CheckKeyTypes() (CVE-2026-34003)

Issue Correction:
Run dnf update tigervnc --releasever 2023.11.20260427 or dnf update --advisory ALAS2023-2026-1626 --releasever 2023.11.20260427 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    tigervnc-server-minimal-debuginfo-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-server-module-debuginfo-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-server-debuginfo-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-debuginfo-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-server-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-server-minimal-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-server-module-1.14.1-3.amzn2023.0.5.aarch64
    tigervnc-debugsource-1.14.1-3.amzn2023.0.5.aarch64

noarch:
    tigervnc-icons-1.14.1-3.amzn2023.0.5.noarch
    tigervnc-license-1.14.1-3.amzn2023.0.5.noarch
    tigervnc-selinux-1.14.1-3.amzn2023.0.5.noarch

src:
    tigervnc-1.14.1-3.amzn2023.0.5.src

x86_64:
    tigervnc-server-debuginfo-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-server-minimal-debuginfo-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-debuginfo-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-server-module-debuginfo-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-debugsource-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-server-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-server-module-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-1.14.1-3.amzn2023.0.5.x86_64
    tigervnc-server-minimal-1.14.1-3.amzn2023.0.5.x86_64