oss-sec mailing list archives

Re: Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Wed, 15 Apr 2026 16:05:48 -0700

On 4/14/26 06:47, Olivier Fourdan wrote:
======================================================================
X.Org Security Advisory: April 14, 2026

Issues in X.Org X server prior to 21.1.22 and Xwayland prior to 24.1.10
======================================================================

Multiple issues have been found in the X server and Xwayland implementations
published by X.Org for which we are releasing security fixes for in
xorg-server-21.1.22 and xwayland-24.1.10.

Note that the releases include additional fixes that don't have CVEs assigned,
including hardening changes & fixing issues found by gcc's -fanalyzer, and
adds a SECURITY.md file covering X.Org's security reporting & announcement
processes, and the security model we use to evaluate reported issues,
so those concerned about security are recommended to adopt the entire
release, not just apply the patches for the CVEs.

https://gitlab.freedesktop.org/xorg/xserver/-/commits/xwayland-24.1
https://gitlab.freedesktop.org/xorg/xserver/-/commits/server-21.1-branch

--
     -Alan Coopersmith-              alan.coopersmith () oracle com
       X.Org Security Response Team - xorg-security () lists x org


Current thread: