CLSA-2026-1778003374 tigervnc: Fix of 3 CVEs

CVE-2026-33999: fix buffer re-use in xkb XkbSetCompatMap that miscounted valid entries and could cause buffer overflow on subsequent SetCompatMap requests bundled xorg-server - CVE-2026-34001: fix use-after-free in miext/sync miSyncTriggerFence by retaining a ref on the SyncFence across the...

CLSA-2026-1777885651 tigervnc: Fix of 3 CVEs

CVE-2026-33999: fix buffer re-use in XkbSetCompatMap ELSCVE-122668 - CVE-2026-34001: fix use-after-free in miSyncTriggerFence ELSCVE-122664 - CVE-2026-34003: add bounds checking in CheckKeyTypes and companion helpers ELSCVE-122672...

Astra Linux - уязвимость в xwayland, xorg-server

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension. Improper bounds checking in the XkbSetCompatMap function can lead to an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, resulting in memory corruption or a syste...

Amazon Linux 2023 : xorg-x11-server-Xwayland, xorg-x11-server-Xwayland-devel (ALAS2023-2026-1613)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1613 advisory. XKB Integer Underflow in XkbSetCompatMap CVE-2026-33999 XKB Out-of-bounds Read in CheckSetGeom CVE-2026-34000 XSYNC Use-after-free in miSyncTriggerFence CVE-2026-34001 XKB Out-of-bounds read i...

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xorg-x11-server (UTSA-2026-006141)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006141 advisory. A flaw was identified in the X.Org X servers X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short...

AlmaLinux 8 : xorg-x11-server (ALSA-2025:19434)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19434 advisory. xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal...

Moderate: Red Hat Security Advisory: xorg-x11-server-Xwayland security update

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

RHEL 9 : xorg-x11-server (RHSA-2025:22742)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22742 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

Moderate: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

RHEL 8 : tigervnc (RHSA-2025:22164)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22164 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server’s X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

Unity Linux 20.1060a / 20.1070a Security Update: tigervnc (UTSA-2025-990942)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990942 advisory. A flaw was identified in the X.Org X servers X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short...

AlmaLinux 9 : xorg-x11-server (ALSA-2025:20961)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20961 advisory. xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal...