{"id":"MGASA-2025-0086","summary":"Updated x11-server, x11-server-xwayland & tigervnc packages fix security vulnerabilities","details":"Use-after-free of the root cursor. (CVE-2025-26594)\nBuffer overflow in XkbVModMaskText(). (CVE-2025-26595)\nHeap overflow in XkbWriteKeySyms(). (CVE-2025-26596)\nBuffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597)\nOut-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598)\nUse of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599)\nUse-after-free in PlayReleasedEvents(). (CVE-2025-26600)\nUse-after-free in SyncInitTrigger(). (CVE-2025-26601)\n","modified":"2026-04-16T00:09:00.213778667Z","published":"2025-03-03T21:39:31Z","upstream":["CVE-2025-26594","CVE-2025-26595","CVE-2025-26596","CVE-2025-26597","CVE-2025-26598","CVE-2025-26599","CVE-2025-26600","CVE-2025-26601"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0086.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34052"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2025/02/25/1"}],"affected":[{"package":{"name":"x11-server","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/x11-server?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.8-7.7.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0086.json"}},{"package":{"name":"x11-server-xwayland","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/x11-server-xwayland?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"22.1.9-1.7.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0086.json"}},{"package":{"name":"tigervnc","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/tigervnc?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.13.1-2.7.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0086.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}