{"schema_version":"1.7.2","id":"OESA-2026-2143","modified":"2026-05-03T09:55:56Z","published":"2026-05-03T09:55:56Z","upstream":["CVE-2025-49176"],"summary":"xorg-x11-server-xwayland security update","details":"Xwayland is an X server for running X clients under Wayland.   %package devel Summary: Development package Requires: pkgconfig   %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland.   %prep %autosetup -n xwayland- -p1   %build %meson \\         -Dxwayland_eglstream=true \\         -Ddefault_font_path="catalogue:/etc/X11/fontpath.d,built-ins" \\         -Dbuilder_string="Build ID:  -" \\         -Dxkb_output_dir=/lib/xkb \\         -Dxcsecurity=true \\         -Dglamor=true \\         -Ddri3=true   %meson_build\r\n\r\nSecurity Fix(es):\n\nA flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.(CVE-2025-49176)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"xorg-x11-server-xwayland","purl":"pkg:rpm/openEuler/xorg-x11-server-xwayland&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"xorg-x11-server-Xwayland-22.1.2-10.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["xorg-x11-server-Xwayland-22.1.2-10.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-debuginfo-22.1.2-10.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-debugsource-22.1.2-10.oe2203sp4.aarch64.rpm","xorg-x11-server-Xwayland-devel-22.1.2-10.oe2203sp4.aarch64.rpm"],"src":["xorg-x11-server-Xwayland-22.1.2-10.oe2203sp4.src.rpm"],"x86_64":["xorg-x11-server-Xwayland-22.1.2-10.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-debuginfo-22.1.2-10.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-debugsource-22.1.2-10.oe2203sp4.x86_64.rpm","xorg-x11-server-Xwayland-devel-22.1.2-10.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2143"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49176"}],"database_specific":{"severity":"High"}}