XOrg Server 21.1.22 and Xwayland 24.1.10 Released with Multiple Security Fixes

Posted by hanuca on Apr 15, 2026 1:26 AM EDT
9to5linux.com; By Marcus Nestor 		Mail this story
Print this story

The XOrg Server 21.1.22 and Xwayland 24.1.10 display implementations have been released today, patched against multiple security vulnerabilities that could lead to use-after-free, out-of-bounds reads, buffer overflow, or integer underflow.

These releases are here to fix CVE-2026-33999, an XKB integer underflow in the XkbSetCompatMap() function that can lead to buffer read overrun when processing a future request if a “compat” buffer was previously truncated, leaving unused space in the buffer. The code in XkbSetCompatMap() will use that space, but fails to update the number of valid entries actually in the buffer.

Full Story

  Nav
» Read more about: Story Type: News Story; Groups: Linux

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.