Security Update for xwayland: Fixed Critical Input and Data Handling Issues

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Security Update for xwayland: Fixed Critical Input and Data Handling Issues

SUSE-SU-2026:1328-1

Summary

This update addresses several security issues in xwayland that could allow an attacker to potentially execute malicious code or access sensitive data. The issues were found in the way xwayland handles keyboard input and data. To stay secure, update your xwayland software as soon as possible.

What to do

Update xwayland to version 24.1.5-150700.3.14.1.

Affected software

Ecosystem	Vendor	Product	Affected versions
SUSE:Linux Enterprise Workstation Extension 15 SP7	–	xwayland	< 24.1.5-150700.3.14.1 Fix: upgrade to 24.1.5-150700.3.14.1

Original title

Security update for xwayland

Original description

This update for xwayland fixes the following issues:

- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).

https://www.suse.com/support/update/announcement/2026/suse-su-20261328-1/ Vendor Advisory
https://bugzilla.suse.com/1260922 Third Party Advisory
https://bugzilla.suse.com/1260923 Third Party Advisory
https://bugzilla.suse.com/1260924 Third Party Advisory
https://bugzilla.suse.com/1260925 Third Party Advisory
https://bugzilla.suse.com/1260926 Third Party Advisory
https://www.suse.com/security/cve/CVE-2026-33999 URL
https://www.suse.com/security/cve/CVE-2026-34000 URL
https://www.suse.com/security/cve/CVE-2026-34001 URL
https://www.suse.com/security/cve/CVE-2026-34002 URL
https://www.suse.com/security/cve/CVE-2026-34003 URL

Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026