ALT Linux Team

Package xorg-server update in c10f2 on 2025-10-01

ALT-PU-2025-12123-3

Package xorg-server updated to version 1.20.14-alt18 for branch c10f2 in task 395690.

Closed vulnerabilities

Published: 2024-11-27

BDU:2025-04129

Уязвимость реализации протокола Wayland для X.Org XWayland, реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM (6.8) Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
References:
Published: 2025-03-27

BDU:2025-07022

Уязвимость функции RRChangeProviderProperty() сервера X Window System Xorg-server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.1) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Severity: MEDIUM (5.2) Vector: AV:L/AC:L/Au:S/C:P/I:N/A:C
References:
Published: 2025-03-27

BDU:2025-11858

Уязвимость расширения X Rendering реализации сервера X Window System X.Org Server и реализации протокола Wayland для X.Org XWayland, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2025-03-27

BDU:2025-11903

Уязвимость расширения Big Requests реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.6) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Severity: MEDIUM (5.7) Vector: AV:L/AC:L/Au:S/C:P/I:P/A:C
References:
Published: 2025-03-27

BDU:2025-12255

Уязвимость функции ReadRequestFromClient компонента os/io.c реализации протокола Wayland для X.Org XWayland и реализации сервера X Window System X.Org Server, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C
References:
Published: 2025-02-25
Modified: 2025-05-13

CVE-2025-26594

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2025-06-17
Modified: 2025-07-07

CVE-2025-49175

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
References:
Published: 2025-06-17
Modified: 2025-07-07

CVE-2025-49176

A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
References:
Published: 2025-06-17
Modified: 2025-07-07

CVE-2025-49178

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2025-06-17
Modified: 2025-07-07

CVE-2025-49180

A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top