openSUSE 15.4: 2025:0732-1 important: xorg-server buffer overflow

opensuse

February 26, 2025

An update that solves eight vulnerabilities can now be installed.

Description

This update for xorg-x11-server fixes the following issues:

* CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).

* CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).

* CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).

* CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).

* CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient()

(bsc#1237432).

* CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow()

(bsc#1237433).

* CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).

* CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).

Topics Covered

security advisory security update buffer overflow package update server important heap overflow xorg-x11 xorg-server openSUSE SUSE advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch SUSE-2025-732=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-732=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-732=1

* SUSE Linux Enterprise Server 15 SP4 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-732=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-732=1

* SUSE Manager Proxy 4.3

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-732=1

* SUSE Manager Retail Branch Server 4.3

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-

Server-4.3-2025-732=1

* SUSE Manager Server 4.3

zypper in -t patch...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)

* xorg-x11-server-extra-1.20.3-150400.38.54.1

* xorg-x11-server-1.20.3-150400.38.54.1

* xorg-x11-server-debuginfo-1.20.3-150400.38.54.1

* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.54.1

* xorg-x11-server-sdk-1.20.3-150400.38.54.1

* xorg-x11-server-debugsource-1.20.3-150400.38.54.1

* xorg-x11-server-source-1.20.3-150400.38.54.1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64

x86_64)

* xorg-x11-server-extra-1.20.3-150400.38.54.1

* xorg-x11-server-1.20.3-150400.38.54.1

* xorg-x11-server-debuginfo-1.20.3-150400.38.54.1

* xorg-x11-server-extra-debuginfo-1.20.3-150400.38.54.1

* xorg-x11-server-sdk-1.20.3-150400.38.54.1

* xorg-x11-server-debugsource-1.20.3-150400.38.54.1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64

x86_64)

* xorg-x11-server-extra-1.20.3-150400.38.54.1

* xorg-x11-server-1.20.3-150400.38.54.1

* xorg-x11-server-debuginfo-1.20.3-150400.38.54.1

*...

Read the Full Advisory

References

* bsc#1237427

* bsc#1237429

* bsc#1237430

* bsc#1237431

* bsc#1237432

* bsc#1237433

* bsc#1237434

* bsc#1237435

## References:

* https://www.suse.com/security/cve/CVE-2025-26594.html

* https://www.suse.com/security/cve/CVE-2025-26595.html

* https://www.suse.com/security/cve/CVE-2025-26596.html

* https://www.suse.com/security/cve/CVE-2025-26597.html

* https://www.suse.com/security/cve/CVE-2025-26598.html

* https://www.suse.com/security/cve/CVE-2025-26599.html

* https://www.suse.com/security/cve/CVE-2025-26600.html

* https://www.suse.com/security/cve/CVE-2025-26601.html

* https://bugzilla.suse.com/show_bug.cgi?id=1237427

* https://bugzilla.suse.com/show_bug.cgi?id=1237429

* https://bugzilla.suse.com/show_bug.cgi?id=1237430

* https://bugzilla.suse.com/show_bug.cgi?id=1237431

* https://bugzilla.suse.com/show_bug.cgi?id=1237432

* https://bugzilla.suse.com/show_bug.cgi?id=1237433

* https://bugzilla.suse.com/show_bug.cgi?id=1237434

* https://bugzilla.suse.com/show_bug.cgi?id=1237435

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:0732-1

Release Date: 2025-02-26T14:31:33Z

Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3

Topics Covered

security advisory security update buffer overflow package update server important heap overflow xorg-x11 xorg-server openSUSE SUSE advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE 15.4: 2025:0732-1 important: xorg-server buffer overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE 15.4: 2025:0732-1 important: xorg-server buffer overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!