ALSA-2025:7165

[ALSA-2025:7165] Moderate: xorg-x11-server-Xwayland security update

Type:

security

Severity:

moderate

Release date:

2025-07-02

Description:

Xwayland is an X server for running X clients under Wayland.  

Security Fix(es):  

  * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)
  * X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594)
  * xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601)
  * xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600)
  * xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599)
  * xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598)
  * xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
  * xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596)
  * Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	xorg-x11-server-Xwayland-23.2.7-3.el9_6.aarch64.rpm	57e11ee17bf053ccbe0d1ba54da379a8fce70accc0f75811ccfe6d389d709589
aarch64	xorg-x11-server-Xwayland-devel-23.2.7-3.el9_6.aarch64.rpm	d59800c78259bb7c62411f737e6b36730c8acdd53675d12138749eba96e11919
i686	xorg-x11-server-Xwayland-devel-23.2.7-3.el9_6.i686.rpm	90c10c76c57c26896acc8f1f3ae13a391f48b46a5bccf1c417b71e7b100d3b40
i686	xorg-x11-server-Xwayland-23.2.7-3.el9_6.i686.rpm	b146d6875ab01879300483c8b26991d2200cfc005398c25bbeddc13620cfa35e
ppc64le	xorg-x11-server-Xwayland-devel-23.2.7-3.el9_6.ppc64le.rpm	08343e05db4042ba17d24a7f827e0be908f5647f94159b64690d10b884b5c010
ppc64le	xorg-x11-server-Xwayland-23.2.7-3.el9_6.ppc64le.rpm	dc3fcbef1f61aa7faec1bcf57958db94cd13ec4c8cceeedd3c1088c4810a2a76
s390x	xorg-x11-server-Xwayland-23.2.7-3.el9_6.s390x.rpm	301a19fc57083686802d74176ec0953ad573ddf5a35a862ee1778c6550db2da9
s390x	xorg-x11-server-Xwayland-devel-23.2.7-3.el9_6.s390x.rpm	513e9d30e7603bfba2557a380825f3805bd28d585be0b9330f4cb39c68fbce8d
x86_64	xorg-x11-server-Xwayland-23.2.7-3.el9_6.x86_64.rpm	12e5b24dbda30ccb9f8afc0f5cf2bb6f86f0672f1b63e8379acf50c0c4f89ed1
x86_64	xorg-x11-server-Xwayland-devel-23.2.7-3.el9_6.x86_64.rpm	c8d58881a20eca09d56bb9544185b084257029d1ec3fd77767cb0c9d951c0367

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.