{"id":"ALSA-2025:9304","summary":"Important: xorg-x11-server-Xwayland security update","details":"Xwayland is an X server for running X clients under Wayland.  \n\nSecurity Fix(es):  \n\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode (CVE-2025-49177)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-01-30T01:24:19.252690Z","published":"2025-06-23T00:00:00Z","related":["CVE-2025-49175","CVE-2025-49176","CVE-2025-49177","CVE-2025-49178","CVE-2025-49179","CVE-2025-49180"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9304"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49175"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49176"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49177"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49178"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49179"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49180"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369954"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369955"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369977"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369978"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369981"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2025-9304.html"}],"affected":[{"package":{"name":"xorg-x11-server-Xwayland","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/xorg-x11-server-Xwayland"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.5-4.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:9304.json"}},{"package":{"name":"xorg-x11-server-Xwayland-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/xorg-x11-server-Xwayland-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.1.5-4.el10_0"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2025:9304.json"}}],"schema_version":"1.7.3"}