A security update for the xorg-server has been released for Slackware, addressing multiple vulnerabilities that could potentially compromise the system. The updates apply to both Slackware 15.0 and the current version of Slackware.
Summary of the Update
- Release Identifier: xorg-server (SSA:2025-168-01)
- Affected Packages:
  - xorg-server
  - xorg-server-xephyr
  - xorg-server-xnest
  - xorg-server-xvfb
  - xorg-server-xwayland
Security Issues Fixed
The update resolves the following critical security issues:
1. Out-of-bounds access in the X Rendering extension related to animated cursors.
2. Integer overflow in the Big Requests Extension.
3. Unprocessed client request leading to bytes being ignored.
4. Integer overflow in the RandR extension (RRChangeProviderProperty).
These vulnerabilities were discovered by Nils Emmerich and reported by Julian Suleder via ERNW Vulnerability Disclosure.
Additional Information
For more details regarding the vulnerabilities, users can refer to:
- Slackware mailing list archives
- CVE records for the reported vulnerabilities (CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49180)
Installation
Users are encouraged to upgrade their packages to the latest versions using the following command as root:

```bash
upgradepkg xorg-server-*.txz
```
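To confirm that the upgrade took effect, the following added example (not part of the advisory or of Slackware's tooling) parses Slackware package names and compares the installed main `xorg-server` package with the fixed builds named in the download links. The function names are hypothetical, the package database path `/var/log/packages` is an assumption about the host, and the sub-packages are skipped because the page gives no fixed file names for them.

```shell
#!/bin/sh
# Added example: classify xorg-server package names against the fixed builds.
FIXED_150_VER=1.20.14    # from xorg-server-1.20.14-i586-16_slack15.0.txz
FIXED_150_BUILD=16
FIXED_CUR_VER=21.1.17    # from xorg-server-21.1.17-i686-1.txz

# version_ge A B: succeeds when version A >= B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify_pkg NAME-VERSION-ARCH-BUILD: prints patched, vulnerable or skipped.
# Fields are split from the right because NAME itself contains hyphens.
classify_pkg() (
    pkg=${1%.t?z}                      # accept a .txz file name as well
    build=${pkg##*-}; rest=${pkg%-*}
    rest=${rest%-*}                    # drop ARCH
    ver=${rest##*-}; name=${rest%-*}
    # Only the main package has a fixed file name on the page.
    [ "$name" = xorg-server ] || { echo skipped; exit 0; }
    case $build in
        *_slack15.0)                   # 15.0 patch builds carry this tag
            if [ "$ver" = "$FIXED_150_VER" ]; then
                [ "${build%%_*}" -ge "$FIXED_150_BUILD" ] && echo patched || echo vulnerable
            elif version_ge "$ver" "$FIXED_150_VER"; then echo patched
            else echo vulnerable; fi ;;
        *)  # untagged builds: stock 15.0 package or -current
            version_ge "$ver" "$FIXED_CUR_VER" && echo patched || echo vulnerable ;;
    esac
)

# check_installed [DIR]: classify every xorg-server* entry in the package
# database (DIR defaults to /var/log/packages, an assumed location).
# Returns 1 if any entry is classified as vulnerable.
check_installed() (
    rc=0
    for f in "${1:-/var/log/packages}"/xorg-server-*; do
        [ -e "$f" ] || continue
        state=$(classify_pkg "${f##*/}")
        echo "${f##*/}: $state"
        [ "$state" = vulnerable ] && rc=1
    done
    exit $rc
)
```

Running `check_installed` after `upgradepkg` prints one line per package entry and returns non-zero if the main package is still older than the fixed build.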
Package Availability
The updated packages can be found at the following locations:
- For Slackware 15.0 (i586 and x86_64)
  - [xorg-server](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-16_slack15.0.txz)
- For Slackware -current (i686 and x86_64)
  - [xorg-server](ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.17-i686-1.txz)
Community and Support
The Slackware project extends its gratitude to the OSU Open Source Lab for providing hosting services. For additional support and mirror sites, users can visit the Slackware website.
Conclusion
It is crucial for users to promptly update their systems to mitigate any potential security risks associated with the identified vulnerabilities. Regular updates are essential for maintaining system integrity and security.