CLSA-2025:1756408410

[CLSA-2025:1756408410] xorg-x11-server: Fix of 8 CVEs

Type:

security

Severity:

Important

Release date:

2025-08-28 19:13:34 UTC

Description:

- CVE-2025-26594: refuse to free the root cursor and keep its ref
- CVE-2025-26595: fix buffer overflow in XkbVModMaskText()
- CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms
- CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey()
- CVE-2025-26598: Xi: Fix barrier device search
- CVE-2025-26599: always initialize the border clip in compAllocPixmap()
- CVE-2025-26600: dix: Dequeue pending events on frozen device on removal
- CVE-2025-26601: postpone actual changes in SyncChangeAlarmAttributes()

Updated packages:

xorg-x11-server-Xdmx-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:01489236ed2a9309f72334b49844669d7fa8bdff94ef2c4f17621c594fb5b470
xorg-x11-server-Xephyr-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:bcea2c9e926e4fe697d561bb6124fd9712afafc5e64ff5d82ab53f904f05959a
xorg-x11-server-Xnest-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:ebd7fd5ca9f6294c11090180038ed2d3ad6e095e9ba5ee0668b25c119bfe85e1
xorg-x11-server-Xorg-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:4fbb79d5ec7a80f024f2a72ba26f2ea7c3b489744beaa437a9866935facb0984
xorg-x11-server-Xvfb-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:0514046b7c404868ebc78508bb595ad7e12e9698eaa29346ff1227359e64c078
xorg-x11-server-Xwayland-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:b87497feaacc1daccfdfaf2139bbf3074dcabda134c3011d2e8b4653c5a66e0f
xorg-x11-server-common-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:4c3d2d8648f7bd635df2d5ac341efe89213ab7a7770095dfd4dfc2dece0dab76
xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els1.i686.rpm
sha:16a184bf86c4be04d843dffbb8d122c6b8dd1865a13609b1e5361baeff3874ee
xorg-x11-server-devel-1.20.4-99.el7_9.tuxcare.els1.x86_64.rpm
sha:72f37fc74c7fcdd1ca5776932a9550ecce5b9029ea9bdbd21058f5fba8d33e1e
xorg-x11-server-source-1.20.4-99.el7_9.tuxcare.els1.noarch.rpm
sha:a73196918f73e6f81ce03e813a33cbbaf216cb3a7565802b7ef704f75293f770

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.