Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
X Server Update Fixes Multiple Security Risks
SUSE-SU-2026:1332-1
Summary
This update addresses four security risks in the X server that could allow an attacker to access or disrupt your system. If left unpatched, these issues could potentially allow an attacker to read or corrupt sensitive data, or even take control of your system. To stay protected, make sure to install the latest update for the X server on your system.
What to do
- Update xorg-x11-server to version 1.19.6-10.99.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| SUSE:Linux Enterprise Server 12 SP5-LTSS | – | xorg-x11-server |
< 1.19.6-10.99.1 Fix: upgrade to 1.19.6-10.99.1
|
| SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 | – | xorg-x11-server |
< 1.19.6-10.99.1 Fix: upgrade to 1.19.6-10.99.1
|
Original title
Security update for xorg-x11-server
Original description
This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926).
- https://www.suse.com/support/update/announcement/2026/suse-su-20261332-1/ Vendor Advisory
- https://bugzilla.suse.com/1260922 Third Party Advisory
- https://bugzilla.suse.com/1260923 Third Party Advisory
- https://bugzilla.suse.com/1260924 Third Party Advisory
- https://bugzilla.suse.com/1260925 Third Party Advisory
- https://bugzilla.suse.com/1260926 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-33999 URL
- https://www.suse.com/security/cve/CVE-2026-34000 URL
- https://www.suse.com/security/cve/CVE-2026-34001 URL
- https://www.suse.com/security/cve/CVE-2026-34002 URL
- https://www.suse.com/security/cve/CVE-2026-34003 URL
Published: 14 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026