Issued:: 2025-11-11
Updated:: 2025-11-11

RHSA-2025:20960 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: xorg-x11-server-Xwayland security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)
xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)
xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for x86_64 9 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

BZ - 2402649 - CVE-2025-62229 xorg: xmayland: Use-after-free in XPresentNotify structure creation
BZ - 2402653 - CVE-2025-62230 xorg: xwayland: Use-after-free in Xkb client resource removal
BZ - 2402660 - CVE-2025-62231 xorg: xmayland: Value overflow in XkbSetCompatMap()

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
xorg-x11-server-Xwayland-23.2.7-5.el9_7.src.rpm	SHA-256: a5d1b9459744e636787af7ff087e723784ef8b4f24c8c6626308f558f53a84f6
x86_64
xorg-x11-server-Xwayland-23.2.7-5.el9_7.x86_64.rpm	SHA-256: 60b80f129670b0be47de958bb3f5d0924f61feeaa865804882284501e28b19b3
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.x86_64.rpm	SHA-256: b4b5564a7c30f086415d52d1ab131082aa5139fde29cae5e4f53f24d4c251aa5
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.x86_64.rpm	SHA-256: a40f44881830d84d946713bdd38d9590ccb4d25b023a2c92b67b4b7001a17e74

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
xorg-x11-server-Xwayland-23.2.7-5.el9_7.src.rpm	SHA-256: a5d1b9459744e636787af7ff087e723784ef8b4f24c8c6626308f558f53a84f6
s390x
xorg-x11-server-Xwayland-23.2.7-5.el9_7.s390x.rpm	SHA-256: 16d78f17a739910aa07207c081b22b0862e8894942779c156c8bb8a5d526a36e
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.s390x.rpm	SHA-256: 644b66caad2d95b9bd1896098531974631121678afcec517da4ff699c9a5098e
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.s390x.rpm	SHA-256: c6abdf4991c1668e9c9f957ad3d902a6f03e61a416bd2870ae588a05c21c4e08

Red Hat Enterprise Linux for Power, little endian 9

SRPM
xorg-x11-server-Xwayland-23.2.7-5.el9_7.src.rpm	SHA-256: a5d1b9459744e636787af7ff087e723784ef8b4f24c8c6626308f558f53a84f6
ppc64le
xorg-x11-server-Xwayland-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 303b0002821c22ceca1fc26e245e8d4f2bc815755efaea8e50db13271cacbd50
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 06488b7e1012cfd564c139f743c7d0cebe7aaf4dff0c4b3487dd8a3e13b5042d
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 78568ada3bc81601251550d5d7599cdf60f0dfcd5160e868e3a70007b08a3bf3

Red Hat Enterprise Linux for ARM 64 9

SRPM
xorg-x11-server-Xwayland-23.2.7-5.el9_7.src.rpm	SHA-256: a5d1b9459744e636787af7ff087e723784ef8b4f24c8c6626308f558f53a84f6
aarch64
xorg-x11-server-Xwayland-23.2.7-5.el9_7.aarch64.rpm	SHA-256: 9d2b85f4a90100dd0d5c17d385faf69e32e0e90ccbb7e22cd2e548db92afbb4f
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.aarch64.rpm	SHA-256: bc100d2ac86adb177e7580254287f5478d060565537186ac9bfb72c99c2c2acd
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.aarch64.rpm	SHA-256: 132344628e7f2a3cffacb012807458925b1b4ff5745f8f8447adb2f1cb9c1f64

Red Hat CodeReady Linux Builder for x86_64 9

SRPM
x86_64
xorg-x11-server-Xwayland-23.2.7-5.el9_7.i686.rpm	SHA-256: 519e2fc3dc21d9ad0345bc88e358147fe93f554a4878125fd7b76f0f185c735a
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.i686.rpm	SHA-256: 124cf445a18126926b6fbd4c38217cfc110edf627b7f49320c7334e4628a33ad
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.x86_64.rpm	SHA-256: b4b5564a7c30f086415d52d1ab131082aa5139fde29cae5e4f53f24d4c251aa5
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.i686.rpm	SHA-256: b3d1224aa926333d16c905eecc47d7d847bcc0ddcd4265329d00eb5362f30beb
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.x86_64.rpm	SHA-256: a40f44881830d84d946713bdd38d9590ccb4d25b023a2c92b67b4b7001a17e74
xorg-x11-server-Xwayland-devel-23.2.7-5.el9_7.i686.rpm	SHA-256: 8d8305dadb935d1ca9613945b562d29586328c467e0ab6903ec0677df4ad3253
xorg-x11-server-Xwayland-devel-23.2.7-5.el9_7.x86_64.rpm	SHA-256: 8fa3a8e91fea89ba0a03e022e928f948c78d21f81171447e95b7a709316f3ef7

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM
ppc64le
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 06488b7e1012cfd564c139f743c7d0cebe7aaf4dff0c4b3487dd8a3e13b5042d
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 78568ada3bc81601251550d5d7599cdf60f0dfcd5160e868e3a70007b08a3bf3
xorg-x11-server-Xwayland-devel-23.2.7-5.el9_7.ppc64le.rpm	SHA-256: 937a8695a12f12e5fe4f20e65275f5a4bf2086616b005df2d4b1f5d42a7ccf15

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM
aarch64
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.aarch64.rpm	SHA-256: bc100d2ac86adb177e7580254287f5478d060565537186ac9bfb72c99c2c2acd
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.aarch64.rpm	SHA-256: 132344628e7f2a3cffacb012807458925b1b4ff5745f8f8447adb2f1cb9c1f64
xorg-x11-server-Xwayland-devel-23.2.7-5.el9_7.aarch64.rpm	SHA-256: b19be3816e4177b26e8a74a65a849e886e483581a47ad71537e287774ad152eb

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM
s390x
xorg-x11-server-Xwayland-debuginfo-23.2.7-5.el9_7.s390x.rpm	SHA-256: 644b66caad2d95b9bd1896098531974631121678afcec517da4ff699c9a5098e
xorg-x11-server-Xwayland-debugsource-23.2.7-5.el9_7.s390x.rpm	SHA-256: c6abdf4991c1668e9c9f957ad3d902a6f03e61a416bd2870ae588a05c21c4e08
xorg-x11-server-Xwayland-devel-23.2.7-5.el9_7.s390x.rpm	SHA-256: d00d58cb8be18c3bcbdb8edfef917514db5a55616d6a8add188714050db148ac

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation