xorg-x11-server-1.20.11-26.el8_10, xorg-x11-server-Xwayland-21.1.3-18.el8_10

エラータID: AXSA:2025-10035:01

Release date: 
Wednesday, June 25, 2025 - 12:20
Subject: 
xorg-x11-server-1.20.11-26.el8_10, xorg-x11-server-Xwayland-21.1.3-18.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
* xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

Solution: 

Update packages.

CVEs: 
CVE-2025-49175
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.11-26.el8_10.src.rpm
    MD5: d6d0250c5687fecd0a95c670a4033cda
    SHA-256: f6bd0fb422f6835115cc1399191e97450a086b2878865aa11a145aa91b26e42e
    Size: 6.28 MB
  2. xorg-x11-server-Xwayland-21.1.3-18.el8_10.src.rpm
    MD5: f550aef0644783f2cbbeebb7fa6d38f5
    SHA-256: eae43a7f100e50710e9e57e51ebc545b19f858e5107332d49dd27536b9bec866
    Size: 1.26 MB

Asianux Server 8 for x86_64
  1. xorg-x11-server-common-1.20.11-26.el8_10.x86_64.rpm
    MD5: 73b653b061ae846abd0e7138291b82ff
    SHA-256: 7463f31b766d3a077b40b03c60a1a28fe533bcbc485787fbc80d23a0d99509e3
    Size: 44.59 kB
  2. xorg-x11-server-devel-1.20.11-26.el8_10.i686.rpm
    MD5: ad5c9909fadaf232c5089210128bf52a
    SHA-256: 29d2679c4e7102c5f8304e9d432bc4a7eeb7fef2e7c79cf15861ff359e903ce7
    Size: 248.62 kB
  3. xorg-x11-server-devel-1.20.11-26.el8_10.x86_64.rpm
    MD5: 3a9ceb3cf055e31aa706d60f7fba613c
    SHA-256: c826ac99e6072fa1cba013e121724cbf8f7ef4668d6a37f74584c63ffb31097f
    Size: 248.59 kB
  4. xorg-x11-server-source-1.20.11-26.el8_10.noarch.rpm
    MD5: 07be649ecd89afc22127ed784268f3cb
    SHA-256: cc440d19a4ca168f1a49bcd2c456e8c4a3604c17cc7b59a874695cb3b8c27885
    Size: 2.43 MB
  5. xorg-x11-server-Xdmx-1.20.11-26.el8_10.x86_64.rpm
    MD5: c27a903ff77fb3618d639f72bbaeee95
    SHA-256: bac9b3edf0df9b0914dbcbd90c33e68fddad35c397b736013c12e8116b709266
    Size: 904.39 kB
  6. xorg-x11-server-Xephyr-1.20.11-26.el8_10.x86_64.rpm
    MD5: e8a251a740c37e1e8edfa9503523a712
    SHA-256: b6fb40e267a1056a147d4d2b00aea16083b3407a32196c8a788ef67cc6508b26
    Size: 1.00 MB
  7. xorg-x11-server-Xnest-1.20.11-26.el8_10.x86_64.rpm
    MD5: e8624c1bec8a4e65b23487fff804fcc9
    SHA-256: d3e53a06bfee9d065a8db54e9052c1b1395e75dc8d96b8b615418a0e7e162a7a
    Size: 721.07 kB
  8. xorg-x11-server-Xorg-1.20.11-26.el8_10.x86_64.rpm
    MD5: 47374102cf62df4c4a7188c750e832be
    SHA-256: 540e927cd6cad56c6ea03286c6488e4c8f6823c9c3bbfa80222d8a48c020db03
    Size: 1.49 MB
  9. xorg-x11-server-Xvfb-1.20.11-26.el8_10.x86_64.rpm
    MD5: 28d2e9eb015d432c1e4a8c52065dfb26
    SHA-256: 98bab12379740ec94aa2440dc808a5ad3a0a7df71da0148ed7476c91179b56cb
    Size: 874.39 kB
  10. xorg-x11-server-Xwayland-21.1.3-18.el8_10.x86_64.rpm
    MD5: eca25ccef3e9ae53e506de17eb063d12
    SHA-256: 9016b1f46f68cfc1cf3fb9d6c1f2fbe5d79fc3b2089030f66a71e7c8ed064bfd
    Size: 965.71 kB