Bug 2369954 (CVE-2025-49176)
Summary: | CVE-2025-49176 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | unspecified | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | --- |
Doc Text: | A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check. | | |
Story Points: | --- | | |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 2375554, 2375555, 2375556 | | |
Bug Blocks: | | | |
Deadline: | 2025-06-17 | | |
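
The Doc Text above describes a size check that runs only after the request length has been multiplied by 4. As an added illustration (not the X server's code; the byte limit, function names and sample lengths are assumptions made for this sketch), the following C program shows a 32-bit multiply-then-compare accepting lengths that wrap, next to a check done in the original 4-byte units:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limit for this sketch, in bytes (not a value from the advisory). */
#define MAX_REQUEST_BYTES (16u * 1024u * 1024u)

/* Flawed pattern: convert 4-byte units to bytes first, then compare.
 * The multiplication is 32-bit, so large unit counts wrap modulo 2^32. */
static bool accepts_flawed(uint32_t length_units)
{
    uint32_t needed = length_units * 4u;
    return needed <= MAX_REQUEST_BYTES;
}

/* Hardened pattern: compare in the original units, so nothing is
 * multiplied until the value is known to be in range. */
static bool accepts_checked(uint32_t length_units, uint32_t *needed_out)
{
    if (length_units > MAX_REQUEST_BYTES / 4u)
        return false;
    *needed_out = length_units * 4u;   /* cannot overflow after the check */
    return true;
}

int main(void)
{
    /* Constructed inputs: a small length, the largest valid length,
     * and two lengths whose byte count wraps to a small number. */
    const uint32_t samples[] = {
        64u, MAX_REQUEST_BYTES / 4u, 0x40000000u, 0x40000010u
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t needed = 0;
        bool flawed = accepts_flawed(samples[i]);
        bool checked = accepts_checked(samples[i], &needed);
        printf("units=0x%08x wrapped_bytes=0x%08x flawed=%s checked=%s\n",
               (unsigned)samples[i], (unsigned)(samples[i] * 4u),
               flawed ? "accept" : "reject",
               checked ? "accept" : "reject");
    }
    return 0;
}
```

The two checks agree on in-range lengths and differ only on the wrapping ones, which is the size-check bypass the Doc Text refers to.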
Description
OSIDB Bzimport
2025-06-03 07:20:47 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 10. Via RHSA-2025:9304 https://access.redhat.com/errata/RHSA-2025:9304

This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:9306 https://access.redhat.com/errata/RHSA-2025:9306

This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:9305 https://access.redhat.com/errata/RHSA-2025:9305

This issue has been addressed in the following products: Red Hat Enterprise Linux 9. Via RHSA-2025:9303 https://access.redhat.com/errata/RHSA-2025:9303

This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2025:9392 https://access.redhat.com/errata/RHSA-2025:9392

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:9964 https://access.redhat.com/errata/RHSA-2025:9964

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:10258 https://access.redhat.com/errata/RHSA-2025:10258

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:10348 https://access.redhat.com/errata/RHSA-2025:10348

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Extended Update Support EXTENSION. Via RHSA-2025:10342 https://access.redhat.com/errata/RHSA-2025:10342

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2025:10347 https://access.redhat.com/errata/RHSA-2025:10347

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION, Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Via RHSA-2025:10343 https://access.redhat.com/errata/RHSA-2025:10343

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION. Via RHSA-2025:10346 https://access.redhat.com/errata/RHSA-2025:10346

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Extended Update Support EXTENSION. Via RHSA-2025:10344 https://access.redhat.com/errata/RHSA-2025:10344

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2025:10360 https://access.redhat.com/errata/RHSA-2025:10360

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:10352 https://access.redhat.com/errata/RHSA-2025:10352

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Extended Update Support EXTENSION. Via RHSA-2025:10349 https://access.redhat.com/errata/RHSA-2025:10349

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2025:10350 https://access.redhat.com/errata/RHSA-2025:10350

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:10351 https://access.redhat.com/errata/RHSA-2025:10351

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Via RHSA-2025:10355 https://access.redhat.com/errata/RHSA-2025:10355

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Via RHSA-2025:10356 https://access.redhat.com/errata/RHSA-2025:10356

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Telecommunications Update Service, Red Hat Enterprise Linux 8.8 Extended Update Support EXTENSION. Via RHSA-2025:10370 https://access.redhat.com/errata/RHSA-2025:10370

This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support. Via RHSA-2025:10376 https://access.redhat.com/errata/RHSA-2025:10376

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support. Via RHSA-2025:10375 https://access.redhat.com/errata/RHSA-2025:10375

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support. Via RHSA-2025:10374 https://access.redhat.com/errata/RHSA-2025:10374

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support. Via RHSA-2025:10378 https://access.redhat.com/errata/RHSA-2025:10378

This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Via RHSA-2025:10377 https://access.redhat.com/errata/RHSA-2025:10377

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Via RHSA-2025:10381 https://access.redhat.com/errata/RHSA-2025:10381

This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Via RHSA-2025:10410 https://access.redhat.com/errata/RHSA-2025:10410