Slackware 15.0: SSA:2025-056-01 critical: xorg-server buffer overflow
slackware
February 25, 2025
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues
Summary
Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-15_slack15.0.txz: Rebuilt. This update fixes security issues: Use-after-free of the root cursor. Buffer overflow in XkbVModMaskText(). Heap overflow in XkbWriteKeySyms(). Buffer overflow in XkbChangeTypesOfKey(). Out-of-bounds write in CreatePointerBarrierClient(). Use of uninitialized pointer in compRedirectWindow(). Use-after-free in PlayReleasedEvents(). Use-after-free in SyncInitTrigger(). Thanks to Jan-Niklas Sohn and the Trend Micro Zero Day Initiative. For more information, see: https://lists.x.org/archives/xorg-announce/2025-February/003584.html https://www.cve.org/CVERecord?id=CVE-2025-26594 https://www.cve.org/CVERecord?id=CVE-2025-26595 https://www.cve.org/CVERecord?id=CVE-2025-26596 https://www.cve.org/CVERecord?id=CVE-2025-26597 https://www.cve.org/CVERecord?id=CVE-2025-26598
Read the Full Advisory
Where Find New Packages
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-15_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-15_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-15_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-15_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-13_slack15.0.txz
Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20...
MD5 Signatures
Slackware 15.0 packages:
8b2a00250946582bc53746b3f491743d xorg-server-1.20.14-i586-15_slack15.0.txz
4eff3d9a3b08c13f2a40d3c6b71cc5a4 xorg-server-xephyr-1.20.14-i586-15_slack15.0.txz
6e840020eed850540636c03523887a47 xorg-server-xnest-1.20.14-i586-15_slack15.0.txz
ca56991de09f7111f87e88ee4fa58f9b xorg-server-xvfb-1.20.14-i586-15_slack15.0.txz
076198dfb3fa7e5f9fcb2b64f5528a60 xorg-server-xwayland-21.1.4-i586-13_slack15.0.txz
Slackware x86_64 15.0 packages:
934323846a4366720a2a37ae21eb4ec9 xorg-server-1.20.14-x86_64-15_slack15.0.txz
0d9e326ce99f677e5dbf305a4e3aebbd xorg-server-xephyr-1.20.14-x86_64-15_slack15.0.txz
dfd14afbd5f9804fe9b1e518b45f8083 xorg-server-xnest-1.20.14-x86_64-15_slack15.0.txz
c7bfd99abee0cac4729b45d8cd05d68c xorg-server-xvfb-1.20.14-x86_64-15_slack15.0.txz
c0ea58b086724599636ef679355c55d2 xorg-server-xwayland-21.1.4-x86_64-13_slack15.0.txz
Slackware -current packages:
eab0863a08ae095c64119fc8cc4a5afa x/xorg-server-21.1.16-i686-1.txz
3eacad7281aa5e782668f69b6a44224e x/xorg-server-xephyr-21.1.16-i686-1.txz
2f19621d0912615eab9843976751abba x/xorg-server-xnest-21.1.16-i686-1.txz
e3bd54412688f8b8e9fb34ef78e87929 x/xorg-server-xvfb-21.1.16-i686-1.txz
c7d738a2a8b5d9245b19b3513cb7aa6d x/xorg-server-xwayland-24.1.6-i686-1.txz
Slackware x86_64 -current packages:
93a1abbac0d812e14904623601e70226 x/xorg-server-21.1.16-x86_64-1.txz
60faeae9a2cb1a5aa5695fe4f97bf48e x/xorg-server-xephyr-21.1.16-x86_64-1.txz
3715306569b6f249380b211252fd7228 x/xorg-server-xnest-21.1.16-x86_64-1.txz
d0facb445205772467e66aea28cce6e2 x/xorg-server-xvfb-21.1.16-x86_64-1.txz
1705c5b858b0b9ccb5327a462338cb2b x/xorg-server-xwayland-24.1.6-x86_64-1.txz
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Installation Instructions
Installation instructions: Upgrade the packages as root: # upgradepkg xorg-server-*.txz
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!