Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 602
Alerts This Week
Warning Icon 1 602

SUSE xwayland Important Buffer Overflow Use After Free Vuln 2026-2787-1

suse
Calendar Grey July 8, 2026
Dist Suse Esm H88
SUSE security update addresses important xwayland issues, fixing critical buffer overflow and memory management vulnerabilities.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for xwayland fixes the following issues * CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap buffer overflow when a font loaded from a malicious PCF file is processed (bsc#1268893). * CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead to a heap use-after-free when an interaction with a malicious client creating GLX contexts happens (bsc#1268894). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2787=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64)

References

* bsc#1268893

* bsc#1268894

Cross-

* CVE-2026-55999

* CVE-2026-56000

CVSS scores:

* CVE-2026-55999 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-55999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-55999 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-56000 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-56000 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-56000 ( NVD ): 9.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Desktop 15 SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2787-1
Release Date: 2026-07-08T07:19:18Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.