Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
Publication date: 03 Mar 2025
Modification date: 03 Mar 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Description
- Use-after-free of the root cursor. (CVE-2025-26594)
- Buffer overflow in XkbVModMaskText(). (CVE-2025-26595)
- Heap overflow in XkbWriteKeySyms(). (CVE-2025-26596)
- Buffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597)
- Out-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598)
- Use of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599)
- Use-after-free in PlayReleasedEvents(). (CVE-2025-26600)
- Use-after-free in SyncInitTrigger(). (CVE-2025-26601)
References
- https://bugs.mageia.org/show_bug.cgi?id=34052
- https://www.openwall.com/lists/oss-security/2025/02/25/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26594
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26595
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26596
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26597
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26598
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26599
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26601
SRPMS
9/core
- x11-server-21.1.8-7.7.mga9
- x11-server-xwayland-22.1.9-1.7.mga9
- tigervnc-1.13.1-2.7.mga9