SecurityHome.eu [slackware-security] xorg-server (SSA:2025-168-01)

Home / mailings PDF

[slackware-security] xorg-server (SSA:2025-168-01)
Posted on 18 June 2025
Slackware Security
[slackware-security] xorg-server (SSA:2025-168-01)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-16_slack15.0.txz: Rebuilt.
This update fixes security issues:
Out-of-bounds access in X Rendering extension (Animated cursors).
Integer overflow in Big Requests Extension.
Unprocessed client request via bytes to ignore.
Integer overflow in RandR extension (RRChangeProviderProperty).
These issues were discovered by Nils Emmerich and reported by Julian Suleder
via ERNW Vulnerability Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2025-June/062055.html
https://www.cve.org/CVERecord?id=CVE-2025-49175
https://www.cve.org/CVERecord?id=CVE-2025-49176
https://www.cve.org/CVERecord?id=CVE-2025-49178
https://www.cve.org/CVERecord?id=CVE-2025-49180
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-16_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-16_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-16_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-14_slack15.0.txz: Rebuilt.
This update fixes security issues:
Out-of-bounds access in X Rendering extension (Animated cursors).
Integer overflow in Big Requests Extension.
Unprocessed client request via bytes to ignore.
These issues were discovered by Nils Emmerich and reported by Julian Suleder
via ERNW Vulnerability Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2025-June/062055.html
https://www.cve.org/CVERecord?id=CVE-2025-49175
https://www.cve.org/CVERecord?id=CVE-2025-49176
https://www.cve.org/CVERecord?id=CVE-2025-49178
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-14_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-16_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-14_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.17-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.17-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.17-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.17-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.7-i686-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.17-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.17-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.17-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.17-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.7-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 packages:
9aab4db9b15c94972dce2409535a178e xorg-server-1.20.14-i586-16_slack15.0.txz
de297e71c5f5854cce41a953668e8c88 xorg-server-xephyr-1.20.14-i586-16_slack15.0.txz
f81eedf1a4d5d6442b08d4e49fc2ff2a xorg-server-xnest-1.20.14-i586-16_slack15.0.txz
2da7f6126496af7243711afa44f0c322 xorg-server-xvfb-1.20.14-i586-16_slack15.0.txz
ab4e376c287fcf77044fc2aad0d88142 xorg-server-xwayland-21.1.4-i586-14_slack15.0.txz

Slackware x86_64 15.0 packages:
b851312a1aef3eeda753055e2c352fdf xorg-server-1.20.14-x86_64-16_slack15.0.txz
62495396cfd96eab939ce03a8c48941b xorg-server-xephyr-1.20.14-x86_64-16_slack15.0.txz
8b8bb87bdfcd3c5cf44b3afd2f0b2f1b xorg-server-xnest-1.20.14-x86_64-16_slack15.0.txz
95ff0b9bf2549a04c40e5860ef250ed5 xorg-server-xvfb-1.20.14-x86_64-16_slack15.0.txz
c3ffcadfa00dbfaff947b18674cf9e02 xorg-server-xwayland-21.1.4-x86_64-14_slack15.0.txz

Slackware -current packages:
09dff4c064e8837a353043d082f36b6a x/xorg-server-21.1.17-i686-1.txz
91ce040fc8f6db3448b973b9b5140e46 x/xorg-server-xephyr-21.1.17-i686-1.txz
2980bcf6829d6dcba459f2b9dd638ddd x/xorg-server-xnest-21.1.17-i686-1.txz
3c49d22f7eb751c2aaa5abf7cb0bc4de x/xorg-server-xvfb-21.1.17-i686-1.txz
6ba487f0cbad101cca0d9db6145ae134 x/xorg-server-xwayland-24.1.7-i686-1.txz

Slackware x86_64 -current packages:
99ceb1a271e6539ccce907973a11b23d x/xorg-server-21.1.17-x86_64-1.txz
3ab7acaeb61022730739663876d9a86c x/xorg-server-xephyr-21.1.17-x86_64-1.txz
af2a02189834d1b007cfe88178e81258 x/xorg-server-xnest-21.1.17-x86_64-1.txz
c1de4cc0d19fe489925dc75038f8ee32 x/xorg-server-xvfb-21.1.17-x86_64-1.txz
1f1659f0b506d9db913e26ab74cfcf9f x/xorg-server-xwayland-24.1.7-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg xorg-server-*.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

TOP

Mailings :

Last 20

Exploits :

Last 20