Mageia 9: MGASA-2025-0086 moderate: x11-server & tigervnc security issues
mageia
March 3, 2025
Use-after-free of the root cursor
Summary
Use-after-free of the root cursor. (CVE-2025-26594)
Buffer overflow in XkbVModMaskText(). (CVE-2025-26595)
Heap overflow in XkbWriteKeySyms(). (CVE-2025-26596)
Buffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597)
Out-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598)
Use of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599)
Use-after-free in PlayReleasedEvents(). (CVE-2025-26600)
Use-after-free in SyncInitTrigger(). (CVE-2025-26601)
References
- https://bugs.mageia.org/show_bug.cgi?id=34052
- https://www.openwall.com/lists/oss-security/2025/02/25/1
- https://www.cve.org/CVERecord?id=CVE-2025-26594
- https://www.cve.org/CVERecord?id=CVE-2025-26595
- https://www.cve.org/CVERecord?id=CVE-2025-26596
- https://www.cve.org/CVERecord?id=CVE-2025-26597
- https://www.cve.org/CVERecord?id=CVE-2025-26598
- https://www.cve.org/CVERecord?id=CVE-2025-26599
- https://www.cve.org/CVERecord?id=CVE-2025-26600
- https://www.cve.org/CVERecord?id=CVE-2025-26601
Topics Covered
Resolution
SRPMS
- 9/core/x11-server-21.1.8-7.7.mga9
- 9/core/x11-server-xwayland-22.1.9-1.7.mga9
- 9/core/tigervnc-1.13.1-2.7.mga9
PREVIOUS
NEXT
Publication date: 03 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0086.html
Type: security
CVE: CVE-2025-26594,
CVE-2025-26595,
CVE-2025-26596,
CVE-2025-26597,
CVE-2025-26598,
CVE-2025-26599,
CVE-2025-26600,
CVE-2025-26601
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!