Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.313 Vulnerability Details CVEID:CVE-2025-49177 DESCRIPTION: A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a clie...

Azure Linux 3.0 Security Update: xorg-x11-server-Xwayland (CVE-2025-49177)

The version of xorg-x11-server-Xwayland installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-49177 advisory. - A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does n...

TencentOS Server 4: xorg-x11-server-Xwayland (TSSA-2025:0757)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0757 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

EUVD-2025-18499

Malicious code in bioql PyPI...

RLSA-2025:9304 Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors CVE-2025-49175 xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests...

Linux Distros Unpatched Vulnerability : CVE-2025-49177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended...

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode

...

Medium: xorg-x11-server-Xwayland

Issue Overview: A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. CVE-2025-49175 A flaw was found in the Big Requests extension. The reque...

Medium: tigervnc

Issue Overview: A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. CVE-2025-49175 A flaw was found in the Big Requests extension. The reque...

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1061)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1061 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

SUSE CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

Security update for xorg-x11-server

This update for xorg-x11-server fixes the following issues: CVE-2025-49175: Out-of-bounds access in X Rendering extension Animated cursors bsc1244082. CVE-2025-49176: Integer overflow in Big Requests Extension bsc1244084. CVE-2025-49177: Data leak in XFIXES Extension 6 XFixesSetClientDisconnectMo...

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

DEBIAN-CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

AZL-64271 CVE-2025-49177 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

CVE-2025-49177

CVE-2025-49177 affects the XFIXES extension in the X.Org/X server: the XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. Practical impact is potential local information disclosure via memory reads. The c...

CVE-2025-49177

A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. Mitigation Mitigation for this issue is either not available or the currently available options don't meet...