Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes

...

Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

...

CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

EUVD-2026-34817

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

CVE-2026-50257

A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence. A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection...

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

[SECURITY] Fedora 44 Update: xorg-x11-server-Xwayland-24.1.12-1.fc44

Xwayland is an X server for running X clients under Wayland...

openSUSE 16 Security Update : putty (openSUSE-SU-2026:20851-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20851-1 advisory. Changes in putty: - Update to release 0.84 Fixed a remotely triggerable double-free in RSA key exchange. Fixed a remotely triggerable crash assertion...

OPENSUSE-SU-2026:20851-1 Security update for putty

This update for putty fixes the following issues: Changes in putty: - Update to release 0.84 Fixed a remotely triggerable double-free in RSA key exchange. Fixed a remotely triggerable crash assertion failure - program termination in NIST ECDSA signature verification. Fixed marking of Telnet and...

PT-2026-48584

Уязвимость интерфейса libinput-device-group библиотеки libinput реализации протоколов серверов отображения X.Org и Wayland связана с неверным управлением генерацией кода. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии до уровня root и выполнить произвольный код...

RLSA-2026:19343 Important: xorg-x11-server security update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling...

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

Astra Linux - уязвимость в wayland

An internal reference count is maintained on the buffer pool; this count increments every time a new buffer is created from the pool. The reference count is stored as an integer. On LP64 systems, this can lead to an overflow if the client creates a large number of wlshm buffer objects, or if it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switching to a new plane state requires unreferencing all held surfaces. In the work required for mob cursors, the mapped surfaces started being cached, but th...

Astra Linux - уязвимость в chromium

Before version 101.0.4951.41, using free after in the Ozone browser extension in Google Chrome allowed a remote attacker to potentially exploit heap corruption by running a Wayland test...

Astra Linux - уязвимость в xwayland, xorg-server

A flaw was discovered in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...

Astra Linux - уязвимость в xorg-server, xwayland

A buffer overflow vulnerability was discovered in X.Org and Xwayland. The function GetBarrierDevice searches for the pointer device based on its device ID and returns the matching value, or NULL, if no match is found. However, if no matching device ID is found, the code will return the last eleme...

[SECURITY] Fedora 42 Update: xorg-x11-server-Xwayland-24.1.11-1.fc42

Xwayland is an X server for running X clients under Wayland...

OESA-2026-2143 xorg-x11-server-xwayland security update

Xwayland is an X server for running X clients under Wayland. %package devel Summary: Development package Requires: pkgconfig %description devel The development package provides the developmental files which are necessary for developing Wayland compositors using Xwayland. %prep %autosetup -n...

[SECURITY] Fedora 42 Update: emacs-30.2-2.fc42

GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using t...