Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities
Publication date: 28 Jun 2025Modification date: 28 Jun 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-49175 , CVE-2025-49176 , CVE-2025-49177 , CVE-2025-49178 , CVE-2025-49179 , CVE-2025-49180
Description
Out-of-bounds access in X Rendering extension (Animated cursors).
(CVE-2025-49175)
Integer overflow in Big Requests Extension. (CVE-2025-49176)
Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode).
(CVE-2025-49177)
Unprocessed client request via bytes to ignore. (CVE-2025-49178)
Integer overflow in X Record extension. (CVE-2025-49179)
Integer overflow in RandR extension (RRChangeProviderProperty).
(CVE-2025-49180)
References
- https://bugs.mageia.org/show_bug.cgi?id=34381
- https://www.openwall.com/lists/oss-security/2025/06/17/3
- https://www.openwall.com/lists/oss-security/2025/06/18/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49180
SRPMS
9/core
- x11-server-21.1.8-7.8.mga9
- x11-server-xwayland-22.1.9-1.8.mga9
- tigervnc-1.13.1-2.8.mga9