SUSE-SU-2025:0734-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250734-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0734-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:0734-1
- Related
- Published
- 2025-02-26T14:32:41Z
- Modified
- 2025-02-26T14:32:41Z
- Summary
- Security update for xorg-x11-server
- Details
-
This update for xorg-x11-server fixes the following issues:
- CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).
- CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).
- CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).
- CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).
- CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432).
- CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433).
- CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).
- CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250734-1/
- https://bugzilla.suse.com/1237427
- https://bugzilla.suse.com/1237429
- https://bugzilla.suse.com/1237430
- https://bugzilla.suse.com/1237431
- https://bugzilla.suse.com/1237432
- https://bugzilla.suse.com/1237433
- https://bugzilla.suse.com/1237434
- https://bugzilla.suse.com/1237435
- https://www.suse.com/security/cve/CVE-2025-26594
- https://www.suse.com/security/cve/CVE-2025-26595
- https://www.suse.com/security/cve/CVE-2025-26596
- https://www.suse.com/security/cve/CVE-2025-26597
- https://www.suse.com/security/cve/CVE-2025-26598
- https://www.suse.com/security/cve/CVE-2025-26599
- https://www.suse.com/security/cve/CVE-2025-26600
- https://www.suse.com/security/cve/CVE-2025-26601
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / xorg-x11-server
Package
- Name
- xorg-x11-server
- Purl
- pkg:rpm/suse/xorg-x11-server&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS