{"id":"ALSA-2025:9305","summary":"Important: xorg-x11-server and xorg-x11-server-Xwayland security update","details":"X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.  \n\nSecurity Fix(es):  \n\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)\n  * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-01-30T02:43:16.459563Z","published":"2025-06-23T00:00:00Z","related":["CVE-2025-49175","CVE-2025-49176","CVE-2025-49178","CVE-2025-49179","CVE-2025-49180"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:9305"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49175"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49176"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49178"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49179"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-49180"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369947"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369954"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369977"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369978"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2369981"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2025-9305.html"}],"affected":[{"package":{"name":"xorg-x11-server-Xdmx","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xdmx"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-Xephyr","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xephyr"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-Xnest","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xnest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-Xorg","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xorg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-Xvfb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xvfb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-Xwayland","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-Xwayland"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.3-18.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}},{"package":{"name":"xorg-x11-server-source","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/xorg-x11-server-source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.20.11-26.el8_10"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:9305.json"}}],"schema_version":"1.7.3"}