openSUSE 15 SP5: 2025:0731-1 important: xorg-x11-server buffer overflow

opensuse

February 26, 2025

An update that solves eight vulnerabilities can now be installed.

Description

This update for xorg-x11-server fixes the following issues:

* CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).

* CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).

* CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).

* CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).

* CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()

(bsc#1237432).

* CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()

(bsc#1237433).

* CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).

* CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).

Topics Covered

security advisory buffer overflow software update patch important xorg-x11-server openSUSE use-after-free Linux patch

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-731=1

* SUSE Linux Enterprise Server 15 SP5 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-731=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-731=1

* openSUSE Leap 15.5

zypper in -t patch SUSE-2025-731=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-731=1

Package List

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64

x86_64)

* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-extra-21.1.4-150500.7.32.1

* xorg-x11-server-21.1.4-150500.7.32.1

* xorg-x11-server-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-sdk-21.1.4-150500.7.32.1

* xorg-x11-server-debugsource-21.1.4-150500.7.32.1

* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-Xvfb-21.1.4-150500.7.32.1

* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)

* xorg-x11-server-Xvfb-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-extra-21.1.4-150500.7.32.1

* xorg-x11-server-21.1.4-150500.7.32.1

* xorg-x11-server-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-sdk-21.1.4-150500.7.32.1

* xorg-x11-server-debugsource-21.1.4-150500.7.32.1

* xorg-x11-server-extra-debuginfo-21.1.4-150500.7.32.1

* xorg-x11-server-Xvfb-21.1.4-150500.7.32.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)

*...

Read the Full Advisory

References

* bsc#1237427

* bsc#1237429

* bsc#1237430

* bsc#1237431

* bsc#1237432

* bsc#1237433

* bsc#1237434

* bsc#1237435

## References:

* https://www.suse.com/security/cve/CVE-2025-26594.html

* https://www.suse.com/security/cve/CVE-2025-26595.html

* https://www.suse.com/security/cve/CVE-2025-26596.html

* https://www.suse.com/security/cve/CVE-2025-26597.html

* https://www.suse.com/security/cve/CVE-2025-26598.html

* https://www.suse.com/security/cve/CVE-2025-26599.html

* https://www.suse.com/security/cve/CVE-2025-26600.html

* https://www.suse.com/security/cve/CVE-2025-26601.html

* https://bugzilla.suse.com/show_bug.cgi?id=1237427

* https://bugzilla.suse.com/show_bug.cgi?id=1237429

* https://bugzilla.suse.com/show_bug.cgi?id=1237430

* https://bugzilla.suse.com/show_bug.cgi?id=1237431

* https://bugzilla.suse.com/show_bug.cgi?id=1237432

* https://bugzilla.suse.com/show_bug.cgi?id=1237433

* https://bugzilla.suse.com/show_bug.cgi?id=1237434

* https://bugzilla.suse.com/show_bug.cgi?id=1237435

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:0731-1

Release Date: 2025-02-26T14:30:17Z

Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP5

Topics Covered

security advisory buffer overflow software update patch important xorg-x11-server openSUSE use-after-free Linux patch

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE 15 SP5: 2025:0731-1 important: xorg-x11-server buffer overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE 15 SP5: 2025:0731-1 important: xorg-x11-server buffer overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!