ALT-BU-2025-12563-1
Branch c10f2 update bulletin.
Package xorg-server updated to version 1.20.14-alt18 for branch c10f2 in task 395690.
Closed vulnerabilities
BDU:2025-04129
Уязвимость реализации протокола Wayland для X.Org XWayland, реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2025-07022
Уязвимость функции RRChangeProviderProperty() сервера X Window System Xorg-server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-11858
Уязвимость расширения X Rendering реализации сервера X Window System X.Org Server и реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-11903
Уязвимость расширения Big Requests реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2025-12255
Уязвимость функции ReadRequestFromClient компонента os/io.c реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-13
CVE-2025-26594
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
- https://access.redhat.com/errata/RHSA-2025:2500
- https://access.redhat.com/errata/RHSA-2025:2502
- https://access.redhat.com/errata/RHSA-2025:2861
- https://access.redhat.com/errata/RHSA-2025:2862
- https://access.redhat.com/errata/RHSA-2025:2865
- https://access.redhat.com/errata/RHSA-2025:2866
- https://access.redhat.com/errata/RHSA-2025:2873
- https://access.redhat.com/errata/RHSA-2025:2874
- https://access.redhat.com/errata/RHSA-2025:2875
- https://access.redhat.com/errata/RHSA-2025:2879
- https://access.redhat.com/errata/RHSA-2025:2880
- https://access.redhat.com/errata/RHSA-2025:7163
- https://access.redhat.com/errata/RHSA-2025:7165
- https://access.redhat.com/errata/RHSA-2025:7458
- https://access.redhat.com/security/cve/CVE-2025-26594
- https://bugzilla.redhat.com/show_bug.cgi?id=2345248
Modified: 2025-07-07
CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49175
- https://bugzilla.redhat.com/show_bug.cgi?id=2369947
Modified: 2025-07-07
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49176
- https://bugzilla.redhat.com/show_bug.cgi?id=2369954
- http://www.openwall.com/lists/oss-security/2025/06/18/2
Modified: 2025-07-07
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49178
- https://bugzilla.redhat.com/show_bug.cgi?id=2369977
Modified: 2025-07-07
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49180
- https://bugzilla.redhat.com/show_bug.cgi?id=2369981
Package xorg-xwayland updated to version 23.1.1-alt10 for branch c10f2 in task 395690.
Closed vulnerabilities
BDU:2025-04129
Уязвимость реализации протокола Wayland для X.Org XWayland, реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2025-07022
Уязвимость функции RRChangeProviderProperty() сервера X Window System Xorg-server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-11858
Уязвимость расширения X Rendering реализации сервера X Window System X.Org Server и реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2025-11903
Уязвимость расширения Big Requests реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2025-12255
Уязвимость функции ReadRequestFromClient компонента os/io.c реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-13
CVE-2025-26594
A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.
- https://access.redhat.com/errata/RHSA-2025:2500
- https://access.redhat.com/errata/RHSA-2025:2502
- https://access.redhat.com/errata/RHSA-2025:2861
- https://access.redhat.com/errata/RHSA-2025:2862
- https://access.redhat.com/errata/RHSA-2025:2865
- https://access.redhat.com/errata/RHSA-2025:2866
- https://access.redhat.com/errata/RHSA-2025:2873
- https://access.redhat.com/errata/RHSA-2025:2874
- https://access.redhat.com/errata/RHSA-2025:2875
- https://access.redhat.com/errata/RHSA-2025:2879
- https://access.redhat.com/errata/RHSA-2025:2880
- https://access.redhat.com/errata/RHSA-2025:7163
- https://access.redhat.com/errata/RHSA-2025:7165
- https://access.redhat.com/errata/RHSA-2025:7458
- https://access.redhat.com/security/cve/CVE-2025-26594
- https://bugzilla.redhat.com/show_bug.cgi?id=2345248
Modified: 2025-07-07
CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49175
- https://bugzilla.redhat.com/show_bug.cgi?id=2369947
Modified: 2025-07-07
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49176
- https://bugzilla.redhat.com/show_bug.cgi?id=2369954
- http://www.openwall.com/lists/oss-security/2025/06/18/2
Modified: 2025-07-07
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49178
- https://bugzilla.redhat.com/show_bug.cgi?id=2369977
Modified: 2025-07-07
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
- https://access.redhat.com/errata/RHSA-2025:10258
- https://access.redhat.com/errata/RHSA-2025:10342
- https://access.redhat.com/errata/RHSA-2025:10343
- https://access.redhat.com/errata/RHSA-2025:10344
- https://access.redhat.com/errata/RHSA-2025:10346
- https://access.redhat.com/errata/RHSA-2025:10347
- https://access.redhat.com/errata/RHSA-2025:10348
- https://access.redhat.com/errata/RHSA-2025:10349
- https://access.redhat.com/errata/RHSA-2025:10350
- https://access.redhat.com/errata/RHSA-2025:10351
- https://access.redhat.com/errata/RHSA-2025:10352
- https://access.redhat.com/errata/RHSA-2025:10355
- https://access.redhat.com/errata/RHSA-2025:10356
- https://access.redhat.com/errata/RHSA-2025:10360
- https://access.redhat.com/errata/RHSA-2025:10370
- https://access.redhat.com/errata/RHSA-2025:10374
- https://access.redhat.com/errata/RHSA-2025:10375
- https://access.redhat.com/errata/RHSA-2025:10376
- https://access.redhat.com/errata/RHSA-2025:10377
- https://access.redhat.com/errata/RHSA-2025:10378
- https://access.redhat.com/errata/RHSA-2025:10381
- https://access.redhat.com/errata/RHSA-2025:10410
- https://access.redhat.com/errata/RHSA-2025:9303
- https://access.redhat.com/errata/RHSA-2025:9304
- https://access.redhat.com/errata/RHSA-2025:9305
- https://access.redhat.com/errata/RHSA-2025:9306
- https://access.redhat.com/errata/RHSA-2025:9392
- https://access.redhat.com/errata/RHSA-2025:9964
- https://access.redhat.com/security/cve/CVE-2025-49180
- https://bugzilla.redhat.com/show_bug.cgi?id=2369981
Closed vulnerabilities
BDU:2025-03638
Уязвимость языка программирования Go, связанная с неправильной проверкой синтаксической корректности ввода, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-05-01
CVE-2025-22868
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
Closed vulnerabilities
BDU:2024-07431
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, связанная с вставкой конфиденциальной информации в файл журнала, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2025-09562
Уязвимость компонента sys/audit платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, позволяющая нарушителю получить несанкционированный доступ на выполнение произвольного кода
BDU:2025-09564
Уязвимость механизма блокировки пользователя платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, позволяющая нарушителю обойти существующие ограничения безопасности
BDU:2025-09565
Уязвимость платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, связанная с некорректным присваиванием привилегий, позволяющая нарушителю повысить свои привилегии до root уровня
BDU:2025-11264
Уязвимость функции CompareHashAndPassword платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, связанная с раскрытием информации из-за несоответствия во времени, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Modified: 2024-09-04
CVE-2024-8365
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.
Modified: 2025-08-13
CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.
Modified: 2025-08-13
CVE-2025-6000
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Modified: 2025-08-13
CVE-2025-6004
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
No data currently available.
Modified: 2025-08-13
CVE-2025-6011
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.