Synopsis:
xorg-x11-server-xwayland security updateSummary:
An update for xorg-x11-server-xwayland is now available for openEuler-24.03-LTSDescription:
Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n xwayland- -p1 %build %meson \ -Dxwayland_eglstream=true \ -Ddefault_font_path="catalogue:/etc/X11/fontpath.d,built-ins" \ -Dbuilder_string="Build ID: -" \ -Dxkb_output_dir=/lib/xkb \ -Dxcsecurity=true \ -Dglamor=true \ -Ddri3=true %meson_build
Security Fix(es):
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.(CVE-2025-49176)Topic:
An update for xorg-x11-server-xwayland is now available for openEuler-24.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
HighAffected Component:
xorg-x11-server-xwayland
22.1.2-11.oe240322.1.2-11.oe240322.1.2-11.oe240322.1.2-11.oe2403Exploitability
AV:LAC:LPR:LUI:NScope
S:UImpact
C:LI:HA:H7.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H