Описание
Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues:
- Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958)
- Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959)
- Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:3872-1
- E-Mail link for SUSE-SU-2025:3872-1
- SUSE Security Ratings
- SUSE Bug 1251958
- SUSE Bug 1251959
- SUSE Bug 1251960
- SUSE CVE CVE-2025-62229 page
- SUSE CVE CVE-2025-62230 page
- SUSE CVE CVE-2025-62231 page
Описание
A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2025-62229
- SUSE Bug 1251958
Описание
A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect.
Затронутые продукты
Ссылки
- CVE-2025-62230
- SUSE Bug 1251959
Описание
A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
Затронутые продукты
Ссылки
- CVE-2025-62231
- SUSE Bug 1251960