Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
X Window Server Vulnerability: Untrusted Input Can Crash System
SUSE-SU-2026:1333-1
Summary
A security update for the X Window Server fixes several issues that could allow an attacker to crash the server or execute malicious code. This affects systems that use the X Window Server, which is commonly used for graphical user interfaces. To protect your system, apply the latest security update as soon as possible.
What to do
- Update xorg-x11-server to version 1.20.3-150400.38.68.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS | – | xorg-x11-server |
< 1.20.3-150400.38.68.1 Fix: upgrade to 1.20.3-150400.38.68.1
|
| SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS | – | xorg-x11-server |
< 1.20.3-150400.38.68.1 Fix: upgrade to 1.20.3-150400.38.68.1
|
| SUSE:Linux Enterprise Server 15 SP4-LTSS | – | xorg-x11-server |
< 1.20.3-150400.38.68.1 Fix: upgrade to 1.20.3-150400.38.68.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP4 | – | xorg-x11-server |
< 1.20.3-150400.38.68.1 Fix: upgrade to 1.20.3-150400.38.68.1
|
Original title
Security update for xorg-x11-server
Original description
This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261333-1/ Vendor Advisory
- https://bugzilla.suse.com/1260922 Third Party Advisory
- https://bugzilla.suse.com/1260923 Third Party Advisory
- https://bugzilla.suse.com/1260924 Third Party Advisory
- https://bugzilla.suse.com/1260925 Third Party Advisory
- https://bugzilla.suse.com/1260926 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-33999 URL
- https://www.suse.com/security/cve/CVE-2026-34000 URL
- https://www.suse.com/security/cve/CVE-2026-34001 URL
- https://www.suse.com/security/cve/CVE-2026-34002 URL
- https://www.suse.com/security/cve/CVE-2026-34003 URL
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026