
SUSE 15 SP6: 2025:0729-1 critical: xwayland buffer overflow

suse
February 26, 2025
This critical advisory covers an xwayland update that fixes eight memory-safety vulnerabilities, CVE-2025-26594 through CVE-2025-26601.
* bsc#1237427 * bsc#1237429 * bsc#1237430 * bsc#1237431 * bsc#1237432

Summary

This update for xwayland fixes the following issues:

* CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).
* CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).
* CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).
* CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).
* CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432).
* CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433).
* CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).
* CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1237427

* bsc#1237429

* bsc#1237430

* bsc#1237431

* bsc#1237432

* bsc#1237433

* bsc#1237434

* bsc#1237435

Cross-

* CVE-2025-26594

* CVE-2025-26595

* CVE-2025-26596

* CVE-2025-26597

* CVE-2025-26598

* CVE-2025-26599

* CVE-2025-26600

* CVE-2025-26601

CVSS scores:

* CVE-2025-26594 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

* CVE-2025-26594 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-26594 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-26595 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-26595 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-26595 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
critical

Announcement ID: SUSE-SU-2025:0729-1
Release Date: 2025-02-26T14:14:35Z
Rating: important
