Bug 34052 - x11-server, x11-server-xwayland and tigervnc new security issues CVE-2025-2659[4-9] and CVE-2025-2660[01]
Summary: x11-server, x11-server-xwayland and tigervnc new security issues CVE-2025-265...
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-02-26 10:14 CET by Nicolas Salguero
Modified: 2025-03-03 22:40 CET (History)
5 users (show)

See Also:
Source RPM: x11-server-21.1.8-7.6.mga9.src.rpm, x11-server-xwayland-22.1.9-1.6.mga9.src.rpm, tigervnc-1.13.1-2.6.mga9.src.rpm
CVE: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2025-02-26 10:14:15 CET 
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2025/02/25/1
Nicolas Salguero 2025-02-26 10:18:28 CET

Status comment: (none) => Fixed upstream in 21.1.16 and 24.1.6 and patches available from upstream
Assignee: bugsquad => nicolas.salguero
CVE: (none) => CVE-2025-26594, CVE-2025-26595, CVE-2025-26596, CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => x11-server-21.1.8-7.6.mga9.src.rpm, x11-server-xwayland-22.1.9-1.6.mga9.src.rpm, tigervnc-1.13.1-2.6.mga9.src.rpm

Comment 1 Nicolas Salguero 2025-02-26 11:32:40 CET 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Use-after-free of the root cursor. (CVE-2025-26594)

Buffer overflow in XkbVModMaskText(). (CVE-2025-26595)

Heap overflow in XkbWriteKeySyms(). (CVE-2025-26596)

Buffer overflow in XkbChangeTypesOfKey(). (CVE-2025-26597)

Out-of-bounds write in CreatePointerBarrierClient(). (CVE-2025-26598)

Use of uninitialized pointer in compRedirectWindow(). (CVE-2025-26599)

Use-after-free in PlayReleasedEvents(). (CVE-2025-26600)

Use-after-free in SyncInitTrigger(). (CVE-2025-26601)

References:
https://www.openwall.com/lists/oss-security/2025/02/25/1
========================

Updated packages in core/updates_testing:
========================
x11-server-21.1.8-7.7.mga9
x11-server-common-21.1.8-7.7.mga9
x11-server-devel-21.1.8-7.7.mga9
x11-server-source-21.1.8-7.7.mga9
x11-server-xephyr-21.1.8-7.7.mga9
x11-server-xnest-21.1.8-7.7.mga9
x11-server-xorg-21.1.8-7.7.mga9
x11-server-xvfb-21.1.8-7.7.mga9

x11-server-xwayland-22.1.9-1.7.mga9
x11-server-xwayland-devel-22.1.9-1.7.mga9

tigervnc-1.13.1-2.7.mga9
tigervnc-java-1.13.1-2.7.mga9
tigervnc-server-1.13.1-2.7.mga9
tigervnc-server-module-1.13.1-2.7.mga9

from SRPMS:
x11-server-21.1.8-7.7.mga9.src.rpm
x11-server-xwayland-22.1.9-1.7.mga9.src.rpm
tigervnc-1.13.1-2.7.mga9.src.rpm

Status: NEW => ASSIGNED
Version: Cauldron => 9
Assignee: nicolas.salguero => qa-bugs
Status comment: Fixed upstream in 21.1.16 and 24.1.6 and patches available from upstream => (none)
Whiteboard: MGA9TOO => (none)

Comment 2 Herman Viaene 2025-02-26 15:58:33 CET 
MGA9-64 Plasma on Compaq H000SB.
Installed whole bunch on one go without problems.
After installation, logged out and logged in again with Plasma X11. Looks good at first sight.

CC: (none) => herman.viaene

Comment 3 Herman Viaene 2025-02-26 16:18:41 CET 
Logged out and in again now with Plasma Wayland. Looks equally good.
# systemctl start vncserver
# systemctl -l status vncserver
● vncserver.service - LSB: Start TigerVNC server at boot time
     Loaded: loaded (/etc/rc.d/init.d/vncserver; generated)
     Active: active (exited) since Wed 2025-02-26 16:04:15 CET; 16s ago
       Docs: man:systemd-sysv-generator(8)
    Process: 139219 ExecStart=/etc/rc.d/init.d/vncserver start (code=exited, status=0/SUCCESS)
        CPU: 97ms

Feb 26 16:04:15 mach3.hviaene.thuis systemd[1]: Starting vncserver.service...
Feb 26 16:04:15 mach3.hviaene.thuis vncserver[139219]: Starting vncserver: [  OK  ]
Feb 26 16:04:15 mach3.hviaene.thuis systemd[1]: Started vncserver.service.
[root@mach3 ~]# vncpasswd
Password:
Verify:
Would you like to enter a view-only password (y/n)? n
A view-only password is not used
Opened ports 5800:5802/tcp and 5900:5902/tcp
As in the past, I cann't make any sense of this tigervnc. Trying to connect locally or from desktop, I always get error 111 Connection refused.
Giving up on that.
Comment 4 PC LX 2025-02-26 17:54:52 CET 
Installed and tested without issues.

Tested:
- local session, using sddm session manager;
- VirtIO plus SPICE;
- OpenGL, Vulkan;
- QEMU/KVM guests integration: clipboard sharing, screen resizing to match viewer window.


Host System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics using amdpro driver.
Guest System: Mageia 9, x86_64, Plasma DE, QEMU/KVM guest, AMD Ryzen 5 5600G with Radeon Graphics, virtio plus SPICE.



$ uname -a
Linux jupiter-vm-mageia-9 6.6.79-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Fri Feb 21 17:45:39 UTC 2025 x86_64 GNU/Linux
$ rpm -qa | grep -P x11-server | sort
x11-server-common-21.1.8-7.7.mga9
x11-server-xorg-21.1.8-7.7.mga9
x11-server-xwayland-22.1.9-1.7.mga9

CC: (none) => mageia

Comment 5 PC LX 2025-02-26 18:10:37 CET 
Continuation of comment 4.

$ inxi -SMCGN
System:
  Host: jupiter-vm-mageia-9 Kernel: 6.6.79-desktop-1.mga9 arch: x86_64
    bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Kvm System: QEMU product: Standard PC (Q35 + ICH9, 2009) v: pc-q35-5.2
    serial: <superuser required>
  Mobo: N/A model: N/A serial: N/A UEFI: EDK II
    v: edk2-20221117gitfff6d81270b5-7.mga9 date: 11/17/2022
CPU:
  Info: 12x 1-core model: AMD Ryzen 5 5600G with Radeon Graphics bits: 64
    type: SMP cache: L2: 12x 512 KiB (6 MiB)
  Speed (MHz): avg: 3893 min/max: N/A cores: 1: 3893 2: 3893 3: 3893 4: 3893
    5: 3893 6: 3893 7: 3893 8: 3893 9: 3893 10: 3893 11: 3893 12: 3893
Graphics:
  Device-1: Red Hat Virtio 1.0 GPU driver: virtio-pci v: 1
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: modesetting,v4l gpu: virtio-pci resolution: 1920x932~75Hz
  API: EGL v: 1.5 drivers: kms_swrast,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.5 vendor: mesa v: 24.2.8 renderer: llvmpipe (LLVM 15.0.6
    256 bits)
  API: Vulkan v: 1.3.231 drivers: llvmpipe surfaces: xcb,xlib
Network:
  Device-1: Red Hat Virtio 1.0 network driver: virtio-pci
Comment 6 katnatek 2025-02-26 19:42:06 CET 
RH x86_64


installing x11-server-common-21.1.8-7.7.mga9.x86_64.rpm x11-server-xwayland-22.1.9-1.7.mga9.x86_64.rpm x11-server-xorg-21.1.8-7.7.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/3: x11-server-common     ##################################################################################################
      2/3: x11-server-xwayland   ##################################################################################################
      3/3: x11-server-xorg       ##################################################################################################
      1/3: removing x11-server-xorg-21.1.8-7.6.mga9.x86_64
                                 ##################################################################################################
      2/3: removing x11-server-xwayland-22.1.9-1.6.mga9.x86_64
                                 ##################################################################################################
      3/3: removing x11-server-common-21.1.8-7.6.mga9.x86_64
                                 ##################################################################################################

Reboot 
Start lxqt 
Use the desktop some time
Looks good
Comment 7 katnatek 2025-02-26 20:06:42 CET 
RH x96_64 Plasma Wayland
Use the desktop some time
Looks good
Comment 8 PC LX 2025-02-26 20:43:38 CET 
Installed and tested without issues.

Tested:
- local session, using sddm session manager;
- PCI pass through to QEMU/KVM virtual machines;
- LXQt DE;
- OpenGL, Vulkan;
- Steam and games;
All OK.



System: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest, AMD Ryzen 5 5600G with Radeon Graphics, PCI pass through of AMD RX 6500 XT using amdgpu driver.



$ uname -a
Linux jupiter-vm-mageia-9-jogos 6.6.79-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Fri Feb 21 17:45:39 UTC 2025 x86_64 GNU/Linux
$ rpm -qa | grep x11-server | sort
x11-server-common-21.1.8-7.7.mga9
x11-server-xorg-21.1.8-7.7.mga9
x11-server-xwayland-22.1.9-1.7.mga9
$ inxi -SMCGN
System:
  Host: jupiter-vm-mageia-9-jogos Kernel: 6.6.79-desktop-1.mga9 arch: x86_64
    bits: 64
  Desktop: LXQt v: 1.4.0 Distro: Mageia 9
Machine:
  Type: Kvm System: QEMU product: Standard PC (Q35 + ICH9, 2009) v: pc-q35-5.2
    serial: <superuser required>
  Mobo: N/A model: N/A serial: N/A UEFI: EDK II
    v: edk2-20221117gitfff6d81270b5-7.mga9 date: 11/17/2022
CPU:
  Info: 12x 1-core model: AMD Ryzen 5 5600G with Radeon Graphics bits: 64
    type: SMP cache: L2: 12x 512 KiB (6 MiB)
  Speed (MHz): avg: 3893 min/max: N/A cores: 1: 3893 2: 3893 3: 3893 4: 3893
    5: 3893 6: 3893 7: 3893 8: 3893 9: 3893 10: 3893 11: 3893 12: 3893
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 1920x1080~60Hz
  API: OpenGL v: 4.6 vendor: amd mesa v: 24.2.8 renderer: AMD Radeon RX
    6500 XT (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.79-desktop-1.mga9)
  API: Vulkan v: 1.3.231 drivers: radv,llvmpipe surfaces: xcb,xlib
  API: EGL Message: EGL data requires eglinfo. Check --recommends.
Network:
  Device-1: Red Hat Virtio 1.0 network driver: virtio-pci
Comment 9 katnatek 2025-02-26 20:48:05 CET 
RH i586
Test togheter libcap bug

installing x11-server-common-21.1.8-7.7.mga9.i586.rpm libcap-devel-2.52-5.1.mga9.i586.rpm libcap-utils-2.52-5.1.mga9.i586.rpm x11-server-xorg-21.1.8-7.7.mga9.i586.rpm x11-server-xwayland-22.1.9-1.7.mga9.i586.rpm libcap2-2.52-5.1.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     #######################################################################################
      1/6: libcap2               #######################################################################################
      2/6: x11-server-common     #######################################################################################
      3/6: libcap-utils          #######################################################################################
      4/6: libcap-devel          #######################################################################################
      5/6: x11-server-xorg       #######################################################################################
      6/6: x11-server-xwayland   #######################################################################################
      1/6: removing libcap-devel-2.52-5.mga9.i586
                                 #######################################################################################
      2/6: removing libcap-utils-2.52-5.mga9.i586
                                 #######################################################################################
      3/6: removing x11-server-xwayland-22.1.9-1.6.mga9.i586
                                 #######################################################################################
      4/6: removing x11-server-xorg-21.1.8-7.6.mga9.i586
                                 #######################################################################################
      5/6: removing x11-server-common-21.1.8-7.6.mga9.i586
                                 #######################################################################################
      6/6: removing libcap2-2.52-5.mga9.i586
                                 #######################################################################################

Reboot
Start lxqt without issues
Comment 10 PC LX 2025-02-26 23:07:35 CET 
Installed and tested without issues.

Tested:
- local session, using sddm session manager;
- vncserver for VNC remote session;
- VNC remote session through ssh tunnel;
- Plasma DE and LXQt DE in both local and VNC remote sessions;
- vncserver started with systemd socket activation;
- VNC clients: KRDC, vncviewer, VncViewer.jar;
- reconnecting to VNC remote session;
- terminating VNC remote session.
- video decoding with VAAPI;
- Intel iGPU;
- OpenGL using glmark2;
- Vulkan using vkcube;
All OK.



System: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC server, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, Intel iGPU Xeon E3-1200 using i915 driver.



$ uname -a
Linux marte 6.6.79-server-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Feb 12 23:07:28 UTC 2025 x86_64 GNU/Linux
$ rpm -qa | grep -P 'x11-server|tigervnc' | sort
tigervnc-server-1.13.1-2.7.mga9
x11-server-common-21.1.8-7.7.mga9
x11-server-xorg-21.1.8-7.7.mga9
x11-server-xwayland-22.1.9-1.7.mga9
$ inxi -SMCGN
System:
  Host: marte Kernel: 6.6.79-server-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop System: Hewlett-Packard product: HP EliteDesk 800 G1 SFF
    v: N/A serial: <superuser required>
  Mobo: Hewlett-Packard model: 1998 serial: <superuser required>
    UEFI: Hewlett-Packard v: L01 v02.65 date: 07/13/2015
CPU:
  Info: quad core model: Intel Core i5-4590 bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 1035 min/max: 800/3700 cores: 1: 1035 2: 1035 3: 1035
    4: 1035
Graphics:
  Device-1: Intel Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics
    driver: i915 v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: intel,v4l dri: i965 gpu: i915 resolution: 1280x1024~60Hz
  API: EGL v: 1.5 drivers: crocus,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: intel mesa v: 24.2.8 renderer: Mesa Intel HD
    Graphics 4600 (HSW GT2)
  API: Vulkan v: 1.3.231 drivers: intel,llvmpipe surfaces: xcb,xlib
Network:
  Device-1: Intel Ethernet I217-LM driver: e1000e
Comment 11 Morgan Leijström 2025-02-27 15:25:51 CET 
mga9-64 OK here on my workstation
Plasma X11, Firefox with video, various apps
In VirtualBox a MSW7 guest
suspend-resume

[morgan@svarten ~]$ inxi -SMCG
System:
  Host: svarten.tribun Kernel: 6.6.79-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 3213 min/max: 1200/2934 cores: 1: 3213 2: 3213 3: 3213
    4: 3213 5: 3213 6: 3213 7: 3213 8: 3213
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: amd mesa v: 24.3.4 renderer: AMD Radeon RX
    6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.79-desktop-1.mga9)

CC: (none) => fri

Comment 12 Morgan Leijström 2025-02-28 16:50:28 CET 
Another x86_64 OK.

I forgot to say in previous comment i only test X11 on Plasma X11, and not tigervnc at all. Also it use mesa from testing.

Only updated 3 packages in this bug, to:
x11-server-common-21.1.8-7.7.mga9
x11-server-xwayland-22.1.9-1.7.mga9
x11-server-xorg-21.1.8-7.7.mga9

---

Same packages (incl mesa) and tests now on Acer Aspire 7:
Plasma X11, normal desktop apps, suspend-resume.  No surprises in journal.

Only using Intel GPU, nvidia not configured.

[kajsa@aspire ~]$ inxi -SMCG
System:
  Host: aspire Kernel: 6.6.79-desktop-1.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Laptop System: Acer product: Aspire A717-71G v: V1.13
    serial: <superuser required>
  Mobo: KBL model: Charizard_KLS v: V1.13 serial: <superuser required>
    UEFI: Insyde v: 1.13 date: 12/26/2017
CPU:
  Info: quad core model: Intel Core i5-7300HQ bits: 64 type: MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 800 min/max: 800/3500 cores: 1: 800 2: 800 3: 800 4: 800
Graphics:
  Device-1: Intel HD Graphics 630 driver: i915 v: kernel
  Device-2: NVIDIA GP107M [GeForce GTX 1050 Mobile] driver: nouveau
    v: kernel
  Device-3: Chicony Integrated HD WebCam driver: uvcvideo type: USB
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: intel,v4l dri: i965 gpu: i915 resolution: 1920x1080~60Hz
  API: EGL v: 1.5 drivers: iris,nouveau,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: intel mesa v: 24.3.4 renderer: Mesa Intel HD
    Graphics 630 (KBL GT2)
  API: Vulkan v: 1.3.231 drivers: intel,llvmpipe surfaces: xcb,xlib
katnatek 2025-03-01 16:53:43 CET

Keywords: (none) => advisory

Comment 13 Thomas Andrews 2025-03-03 20:10:42 CET 
MGA9-32 on Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics, Xfce system.

No installation issues, and no ill effects noted after a few minutes of use.

Enough tests. Validating the update.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 14 Mageia Robot 2025-03-03 22:40:14 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0086.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.