Issued:: 2025-07-02
Updated:: 2025-07-02

RHSA-2025:10258 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xorg-x11-server-Xwayland security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode (CVE-2025-49177)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
BZ - 2369955 - CVE-2025-49177 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode
BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
x86_64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.x86_64.rpm	SHA-256: 43194d7e1efd4eea912072bef0bd1fba58cbdb1659530779e4e5d84ba5a1f21d
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.x86_64.rpm	SHA-256: d339233b021f77fc0d6e57c0e42570ac08211c7a0f0fb2ecc138c11262a13366
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.x86_64.rpm	SHA-256: bc92841d245c8dd6ef17f17923baf004fac078df920d8253d2a5d94c94c1ebb5

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
x86_64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.x86_64.rpm	SHA-256: 43194d7e1efd4eea912072bef0bd1fba58cbdb1659530779e4e5d84ba5a1f21d
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.x86_64.rpm	SHA-256: d339233b021f77fc0d6e57c0e42570ac08211c7a0f0fb2ecc138c11262a13366
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.x86_64.rpm	SHA-256: bc92841d245c8dd6ef17f17923baf004fac078df920d8253d2a5d94c94c1ebb5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
s390x
xorg-x11-server-Xwayland-22.1.9-6.el9_4.s390x.rpm	SHA-256: 4ada8f70e0df9f9c2f188a84e68c859d0a4065590311fb99b0345467b3e265f0
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.s390x.rpm	SHA-256: 73a857f0cb71c3638d9af6956c0664ac8ac171966556e416512de8659fb5a4d2
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.s390x.rpm	SHA-256: 316e863a1e2c012ea2723ab8aa37bbe0f461adfb11a21f2ec50ae6e79c59182f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
ppc64le
xorg-x11-server-Xwayland-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 3e6b34816e7019bcfb8a468ff458070fc6cc92e0151e8a09e646e0c74d64bf91
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 70143467fc503688367e857453bd31ef9d8b711622b6ea7580c38e132e76e080
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: b4c34667a1d1f40ee7b343d5ae27de42667899d536c2f33564987f56f014ec21

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
aarch64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.aarch64.rpm	SHA-256: d69fb52b3ef7df0c6eeeacf521a22ff17ee7e8011f0376ccce54068a4c7a340b
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.aarch64.rpm	SHA-256: c586f813bc1bb45e87a0fe6278d229ca071fb218c94ba88fd2d94faa428e6a55
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.aarch64.rpm	SHA-256: 51f991b1ad05bd0194d64ee9993bef7959d8a329babf3dc8793a033bd0a867cf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
ppc64le
xorg-x11-server-Xwayland-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 3e6b34816e7019bcfb8a468ff458070fc6cc92e0151e8a09e646e0c74d64bf91
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 70143467fc503688367e857453bd31ef9d8b711622b6ea7580c38e132e76e080
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: b4c34667a1d1f40ee7b343d5ae27de42667899d536c2f33564987f56f014ec21

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
x86_64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.x86_64.rpm	SHA-256: 43194d7e1efd4eea912072bef0bd1fba58cbdb1659530779e4e5d84ba5a1f21d
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.x86_64.rpm	SHA-256: d339233b021f77fc0d6e57c0e42570ac08211c7a0f0fb2ecc138c11262a13366
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.x86_64.rpm	SHA-256: bc92841d245c8dd6ef17f17923baf004fac078df920d8253d2a5d94c94c1ebb5

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
aarch64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.aarch64.rpm	SHA-256: d69fb52b3ef7df0c6eeeacf521a22ff17ee7e8011f0376ccce54068a4c7a340b
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.aarch64.rpm	SHA-256: c586f813bc1bb45e87a0fe6278d229ca071fb218c94ba88fd2d94faa428e6a55
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.aarch64.rpm	SHA-256: 51f991b1ad05bd0194d64ee9993bef7959d8a329babf3dc8793a033bd0a867cf

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
s390x
xorg-x11-server-Xwayland-22.1.9-6.el9_4.s390x.rpm	SHA-256: 4ada8f70e0df9f9c2f188a84e68c859d0a4065590311fb99b0345467b3e265f0
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.s390x.rpm	SHA-256: 73a857f0cb71c3638d9af6956c0664ac8ac171966556e416512de8659fb5a4d2
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.s390x.rpm	SHA-256: 316e863a1e2c012ea2723ab8aa37bbe0f461adfb11a21f2ec50ae6e79c59182f

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
x86_64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.x86_64.rpm	SHA-256: 43194d7e1efd4eea912072bef0bd1fba58cbdb1659530779e4e5d84ba5a1f21d
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.x86_64.rpm	SHA-256: d339233b021f77fc0d6e57c0e42570ac08211c7a0f0fb2ecc138c11262a13366
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.x86_64.rpm	SHA-256: bc92841d245c8dd6ef17f17923baf004fac078df920d8253d2a5d94c94c1ebb5

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
aarch64
xorg-x11-server-Xwayland-22.1.9-6.el9_4.aarch64.rpm	SHA-256: d69fb52b3ef7df0c6eeeacf521a22ff17ee7e8011f0376ccce54068a4c7a340b
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.aarch64.rpm	SHA-256: c586f813bc1bb45e87a0fe6278d229ca071fb218c94ba88fd2d94faa428e6a55
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.aarch64.rpm	SHA-256: 51f991b1ad05bd0194d64ee9993bef7959d8a329babf3dc8793a033bd0a867cf

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
ppc64le
xorg-x11-server-Xwayland-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 3e6b34816e7019bcfb8a468ff458070fc6cc92e0151e8a09e646e0c74d64bf91
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: 70143467fc503688367e857453bd31ef9d8b711622b6ea7580c38e132e76e080
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.ppc64le.rpm	SHA-256: b4c34667a1d1f40ee7b343d5ae27de42667899d536c2f33564987f56f014ec21

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-6.el9_4.src.rpm	SHA-256: e72b6128f9bec5743315ba64240e93b8acbd8fb1e81da52dd0b6bbb9d34643f8
s390x
xorg-x11-server-Xwayland-22.1.9-6.el9_4.s390x.rpm	SHA-256: 4ada8f70e0df9f9c2f188a84e68c859d0a4065590311fb99b0345467b3e265f0
xorg-x11-server-Xwayland-debuginfo-22.1.9-6.el9_4.s390x.rpm	SHA-256: 73a857f0cb71c3638d9af6956c0664ac8ac171966556e416512de8659fb5a4d2
xorg-x11-server-Xwayland-debugsource-22.1.9-6.el9_4.s390x.rpm	SHA-256: 316e863a1e2c012ea2723ab8aa37bbe0f461adfb11a21f2ec50ae6e79c59182f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation