Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Xorg Server Security Update for XKB and XSync
Summary
This security update fixes several critical issues in the Xorg server that could allow an attacker to read or write sensitive data, or crash the system, by manipulating XKB and XSync settings. If left unpatched, these vulnerabilities could be exploited by an attacker to gain unauthorized access or disrupt system functionality. We strongly recommend applying the latest update to ensure the security and stability of your Xorg server.
What to do
- Update xorg-x11-server to version 21.1.11-150600.5.25.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
| openSUSE:Leap 15.6 | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
Original title
Security update for xorg-x11-server
Original description
This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261331-1/ Vendor Advisory
- https://bugzilla.suse.com/1260922 Third Party Advisory
- https://bugzilla.suse.com/1260923 Third Party Advisory
- https://bugzilla.suse.com/1260924 Third Party Advisory
- https://bugzilla.suse.com/1260925 Third Party Advisory
- https://bugzilla.suse.com/1260926 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-33999 URL
- https://www.suse.com/security/cve/CVE-2026-34000 URL
- https://www.suse.com/security/cve/CVE-2026-34001 URL
- https://www.suse.com/security/cve/CVE-2026-34002 URL
- https://www.suse.com/security/cve/CVE-2026-34003 URL
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026