Explore top 10 tips to secure your open-source projects now. Read More
×
This update for xwayland fixes the following issues
- CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap buffer overflow when a font loaded from
a malicious PCF file is processed (bsc#1268893).
- CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead to a heap use-after-free when an
interaction with a malicious client creating GLX contexts happens (bsc#1268894).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1194=1
- openSUSE Leap 16.0:
xwayland-24.1.6-160000.6.1
xwayland-devel-24.1.6-160000.6.1
* bsc#1268893
* bsc#1268894
References:
* https://www.suse.com/security/cve/CVE-2026-55999.html
* https://www.suse.com/security/cve/CVE-2026-56000.html
Get the latest Linux and open source security news straight to your inbox.