|
|
Subscribe / Log in / New account

Mageia alert MGASA-2025-0199 (x11-server, x11-server-xwayland & tigervnc)



From:
              Mageia Updates <updates-announce@ml.mageia.org>


To:
              updates-announce@ml.mageia.org


Subject:
              [updates-announce] MGASA-2025-0199: Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities


Date:
              Sun, 29 Jun 2025 00:46:14 +0200


Message-ID:
              <20250628224614.1C4B4A009B@duvel.mageia.org>


Archive-link:
              Article


MGASA-2025-0199 - Updated x11-server, x11-server-xwayland & tigervnc packages fix security
vulnerabilities

Publication date: 28 Jun 2025
URL: https://advisories.mageia.org/MGASA-2025-0199.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-49175,
     CVE-2025-49176,
     CVE-2025-49177,
     CVE-2025-49178,
     CVE-2025-49179,
     CVE-2025-49180

Description:
Out-of-bounds access in X Rendering extension (Animated cursors).
(CVE-2025-49175)
Integer overflow in Big Requests Extension. (CVE-2025-49176)
Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode).
(CVE-2025-49177)
Unprocessed client request via bytes to ignore. (CVE-2025-49178)
Integer overflow in X Record extension. (CVE-2025-49179)
Integer overflow in RandR extension (RRChangeProviderProperty).
(CVE-2025-49180)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34381
- https://www.openwall.com/lists/oss-security/2025/06/17/3
- https://www.openwall.com/lists/oss-security/2025/06/18/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4...

SRPMS:
- 9/core/x11-server-21.1.8-7.8.mga9
- 9/core/x11-server-xwayland-22.1.9-1.8.mga9
- 9/core/tigervnc-1.13.1-2.8.mga9
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds