SUSE-SU-2025:0729-1

CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).
CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).
CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).
CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).
CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432).
CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433).
CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).
CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).

References

Affected packages

Name: xwayland
Purl: pkg:rpm/suse/xwayland&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.1-150600.5.9.1

{
    "binaries": [
        {
            "xwayland": "24.1.1-150600.5.9.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0729-1.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.1.1-150600.5.9.1

{
    "binaries": [
        {
            "xwayland": "24.1.1-150600.5.9.1",
            "xwayland-devel": "24.1.1-150600.5.9.1"
        }
    ]
}

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0729-1.json"