{"id":"CLSA-2025-1763651916","summary":"xorg-x11-server-Xwayland: Fix of 4 CVEs","details":"- CVE-2023-1393: fix use-after-free in compositor overlay window by clearing\n  dangling COW pointer\n- CVE-2024-31080: prevent heap over-read in ProcXIGetSelectedEvents() caused\n  by using byte-swapped length values in replies.\n- CVE-2024-31081: fix buffer over-read in ProcXIPassiveGrabDevice by using correct\n  unswapped length for replies\n- CVE-2025-26600: fix use-after-free by clearing pending events when\n  removing a frozen device","modified":"2026-06-01T00:31:20.339991879Z","published":"2025-11-20T15:18:39Z","upstream":["CVE-2023-1393","CVE-2024-31080","CVE-2024-31081","CVE-2025-26600"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1763651916.html"}],"affected":[{"package":{"name":"xorg-x11-server-Xwayland","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/xorg-x11-server-Xwayland?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.3-7.el9.tuxcare.els9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763651916.json"}},{"package":{"name":"xorg-x11-server-Xwayland-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/xorg-x11-server-Xwayland-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.3-7.el9.tuxcare.els9"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1763651916.json"}}],"schema_version":"1.7.5"}