This update for xorg-x11-server fixes the following issues:
- CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap() (bsc#1260922).
- CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom() (bsc#1260923).
- CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence() (bsc#1260924).
- CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap() (bsc#1260925).
- CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes() (bsc#1260926).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-567=1
- openSUSE Leap 16.0:
xorg-x11-server-21.1.15-160000.4.1
xorg-x11-server-Xvfb-21.1.15-160000.4.1
xorg-x11-server-extra-21.1.15-160000.4.1
xorg-x11-server-sdk-21.1.15-160000.4.1
xorg-x11-server-source-21.1.15-160000.4.1
xorg-x11-server-wrapper-21.1.15-160000.4.1
* bsc#1260922
* bsc#1260923
* bsc#1260924
* bsc#1260925
* bsc#1260926
References:
* https://www.suse.com/security/cve/CVE-2026-33999.html
* https://www.suse.com/security/cve/CVE-2026-34000.html
* https://www.suse.com/security/cve/CVE-2026-34001.html
* https://www.suse.com/security/cve/CVE-2026-34002.html
* https://www.suse.com/security/cve/CVE-2026-34003.html
Get the latest Linux and open source security news straight to your inbox.