CLSA-2025-1763647564

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763647564.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2025-1763647564
Upstream
Published
2025-11-20T14:06:08Z
Modified
2026-06-01T00:31:27.101825235Z
Summary
xorg-x11-server-Xwayland: Fix of 3 CVEs
Details
  • CVE-2024-0409: fix incorrect cursor private key usage in Xwayland/Xephyr that caused XSELINUX devPrivates corruption
  • CVE-2025-26597: fix buffer overflow in XkbChangeTypesOfKey() by properly resizing key syms and actions when nGroups is zero
  • CVE-2025-26594: fix root cursor lifetime handling to prevent use-after-free and stale references
References

Affected packages

TuxCare:AlmaLinux:9.2 / xorg-x11-server-Xwayland

Package

Name
xorg-x11-server-Xwayland
Purl
pkg:rpm/tuxcare/xorg-x11-server-Xwayland?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
21.1.3-7.el9.tuxcare.els7

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763647564.json"

TuxCare:AlmaLinux:9.2 / xorg-x11-server-Xwayland-devel

Package

Name
xorg-x11-server-Xwayland-devel
Purl
pkg:rpm/tuxcare/xorg-x11-server-Xwayland-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
21.1.3-7.el9.tuxcare.els7

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763647564.json"