Issued:: 2025-06-30
Updated:: 2025-06-30

RHSA-2025:9964 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xorg-x11-server security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179)
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2369947 - CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors
BZ - 2369954 - CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension
BZ - 2369977 - CVE-2025-49178 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore
BZ - 2369978 - CVE-2025-49179 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension
BZ - 2369981 - CVE-2025-49180 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
xorg-x11-server-1.20.6-4.el8_2.src.rpm	SHA-256: 48f86118f4e2e35b200d5998ca766d40e9e842f156549742ff5a7f5f6c50fa73
x86_64
xorg-x11-server-Xdmx-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 457152389c0c0f18eda35b850aeb95593a0903a930cdc9b460a80bde067cb466
xorg-x11-server-Xdmx-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 3416f247713dfd72a9a007a6984edfd12b20d300a9de4c78737495ef82fe9e2f
xorg-x11-server-Xephyr-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 942d44104281a446e9d00da051241347d631b9a2bb56c84768c8015c92b218a6
xorg-x11-server-Xephyr-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 82537d76f1620c035de7c6dc4b0617b8d49a2c9e29e12e125574873dbccc63ed
xorg-x11-server-Xnest-1.20.6-4.el8_2.x86_64.rpm	SHA-256: d519b33c8bf9a2dfbb29e05538cd5dd81dd12c001f7b4a523af9004cf9913542
xorg-x11-server-Xnest-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 46473cb5c55e64f70639db08774358b518482443c8e215401ff1f0f0c02451fe
xorg-x11-server-Xorg-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 1e68308ce166056cb67f2be44a2c30f83edc2c82b029240fcaff6856c462ec25
xorg-x11-server-Xorg-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 0cf321c6560b9b266937d47b657fc1214c936ebe5a746fe468c663a8a8c8ccaf
xorg-x11-server-Xvfb-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 6f54fc33597468927cf12e00ff8e1f31fc6e6a1385bd02fba17b5e5bc853e448
xorg-x11-server-Xvfb-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: f252b74d102a29a73b778d3f57a59b80aef8c1b233d80ff314453aa97e76c469
xorg-x11-server-Xwayland-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 2305b5fe3a3ffec302d5883e3ddf56c49a11a82b812dfebc04af57018042ec0c
xorg-x11-server-Xwayland-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 0b9749fc47b26f2e144f755b9f296f448602fb5848299ec0c507c8cdf74c4280
xorg-x11-server-common-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 8efb0c8664eeaeef4ab289750d5d03e322f4c26fc0e70533c33b4ea7b135c13c
xorg-x11-server-debuginfo-1.20.6-4.el8_2.x86_64.rpm	SHA-256: a815cb6e1e59041ad943142bc3bfa8b939d8ae8758ef22a2f58dd4bb3a8c26bd
xorg-x11-server-debugsource-1.20.6-4.el8_2.x86_64.rpm	SHA-256: 73431076299c6911725e3dc1484d95867271c3af3a3248fd46507f50846ec3fb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation