Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Critical update for X Window System server fixes multiple security risks
SUSE-SU-2026:1331-1
Summary
This update addresses several security issues in the X Window System server that allow attackers to cause a system crash, read sensitive data, or execute malicious code. These issues were discovered in the XKB keyboard layout handling and synchronization components. To stay protected, apply this update immediately.
What to do
- Update xorg-x11-server to version 21.1.11-150600.5.25.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Server 15 SP6-LTSS | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
| SUSE:Linux Enterprise Server for SAP Applications 15 SP6 | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
| openSUSE:Leap 15.6 | – | xorg-x11-server |
< 21.1.11-150600.5.25.1 Fix: upgrade to 21.1.11-150600.5.25.1
|
Original title
Security update for xorg-x11-server
Original description
This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261331-1/ Vendor Advisory
- https://bugzilla.suse.com/1260922 Third Party Advisory
- https://bugzilla.suse.com/1260923 Third Party Advisory
- https://bugzilla.suse.com/1260924 Third Party Advisory
- https://bugzilla.suse.com/1260925 Third Party Advisory
- https://bugzilla.suse.com/1260926 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-33999 URL
- https://www.suse.com/security/cve/CVE-2026-34000 URL
- https://www.suse.com/security/cve/CVE-2026-34001 URL
- https://www.suse.com/security/cve/CVE-2026-34002 URL
- https://www.suse.com/security/cve/CVE-2026-34003 URL
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026