xorg-x11-server-1.20.11-31.el9_6, xorg-x11-server-Xwayland-23.2.7-4.el9_6
エラータID: AXSA:2025-10554:02
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Update packages.
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
N/A
SRPMS
- xorg-x11-server-1.20.11-31.el9_6.src.rpm
MD5: 8f2e992b1f1f0a9823753f800e342596
SHA-256: d46a1b3011ba3ae19398bc0b75b9df1bd47a046c810d9d83a55018a55858529c
Size: 6.31 MB - xorg-x11-server-Xwayland-23.2.7-4.el9_6.src.rpm
MD5: 3a0be2f2c43517cf3ebb832e3378b082
SHA-256: fb43bf46e8776aff55c23a0db2cc5562bf36656bf894a12a50e9daa7a9ad3ac9
Size: 1.27 MB
Asianux Server 9 for x86_64
- xorg-x11-server-common-1.20.11-31.el9_6.x86_64.rpm
MD5: 680e1adc00fe3e2ee285b953b4c14b5d
SHA-256: 917492bc08059d9f6986537325c5f5d50f9d1cfe9ac23e6a976510f1181fef36
Size: 34.39 kB - xorg-x11-server-devel-1.20.11-31.el9_6.i686.rpm
MD5: 223093252c688b477d536e09211e0345
SHA-256: 26c5f02071dc50278ea543e4e42e2a172edd87a69a394b0cdbb182f9f8ab3241
Size: 251.98 kB - xorg-x11-server-devel-1.20.11-31.el9_6.x86_64.rpm
MD5: 1443774e37263531066ab022e7671b64
SHA-256: b03f229c1fb38ea3e885a72df0e6b1e87ebe9e1cc7230b4e90a64cbcaa3f00f7
Size: 251.95 kB - xorg-x11-server-source-1.20.11-31.el9_6.noarch.rpm
MD5: b4d545e5c822dd44bfe32b61fc1928c3
SHA-256: f465c49ac1a9e67bae17a73c7c853e9b5c9b8cd01f41f9df8b4d54f9d90bbd1c
Size: 2.37 MB - xorg-x11-server-Xdmx-1.20.11-31.el9_6.x86_64.rpm
MD5: a6c067c5e115bdf3211489fb718df74e
SHA-256: d05a9a49338b26f327decb7ad83d2a823d0a9e57a0ccc60c3bce741ee7a48dac
Size: 901.65 kB - xorg-x11-server-Xephyr-1.20.11-31.el9_6.x86_64.rpm
MD5: ade31ea1c6b8593abe3ab6273cc2ad46
SHA-256: 923d79808de5df5a3baff3b271f91b56dec839d7744ae7ec1b4c73e2b82bc203
Size: 1.02 MB - xorg-x11-server-Xnest-1.20.11-31.el9_6.x86_64.rpm
MD5: ef7bc056c4430d48ef1230fbb3f5fd06
SHA-256: 58581a97fce5bc11cc26a54e253f2aaf84be6d16bf80f037b60ad488973859f0
Size: 719.34 kB - xorg-x11-server-Xorg-1.20.11-31.el9_6.x86_64.rpm
MD5: 235e83aa6158420b56fa0c90f61990e3
SHA-256: 9c8a3a25855e75540d05175a351ce9dfedb1ffaac5605a01c6a3111a853b8bb7
Size: 1.46 MB - xorg-x11-server-Xvfb-1.20.11-31.el9_6.x86_64.rpm
MD5: 385711e8284aa23e63fcce39d024c1e5
SHA-256: 7a756c287229d96239d21e78a40409f6b91babde0439a7c1073cdbc3d9b58c41
Size: 894.90 kB - xorg-x11-server-Xwayland-23.2.7-4.el9_6.i686.rpm
MD5: 6ee79754b07e616d4bc854d0ca3a2df9
SHA-256: e9f10336f543512e951774a6047d05f1e6ba287105bca17e80f160dc0f7f32d5
Size: 1.01 MB - xorg-x11-server-Xwayland-23.2.7-4.el9_6.x86_64.rpm
MD5: 78ff0ab2976d28dd77095f277680ce22
SHA-256: 46250feef79e03a34952a205bf5e80ee6ba544a1576902bfbf855da0c5f82d2f
Size: 0.96 MB - xorg-x11-server-Xwayland-devel-23.2.7-4.el9_6.i686.rpm
MD5: d4547dcd7ffc84d57aa47479bbbe509d
SHA-256: 7a55879964842ce4af895c1d476216dcf480e9fc06975c776590dd39c644fe2f
Size: 8.62 kB - xorg-x11-server-Xwayland-devel-23.2.7-4.el9_6.x86_64.rpm
MD5: 53c0c5712345eba74da422b65a1a5c2e
SHA-256: 373ccf51d29d1eaec0e6179a92ebf8f077f733849f647e2f1cdb3d25db16da1d
Size: 8.60 kB