ALSA-2026:11656

[ALSA-2026:11656] Important: xorg-x11-server-Xwayland security update

Type:

security

Severity:

important

Release date:

2026-04-30

Description:

Xwayland is an X server for running X clients under Wayland.  

Security Fix(es):  

  * xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
  * xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
  * xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	xorg-x11-server-Xwayland-21.1.3-20.el8_10.aarch64.rpm	405401d5e2b82c9bde7ee64b040e668548a2de8633111b6d0b1208138f1519f5
ppc64le	xorg-x11-server-Xwayland-21.1.3-20.el8_10.ppc64le.rpm	3269255cdb71cc98763c40f9a050a14e544f3cc7a4c56143bffa9069c37d425e
s390x	xorg-x11-server-Xwayland-21.1.3-20.el8_10.s390x.rpm	cb260a0f94126d888740135b9b7bff169225ea3bc660a20ef3ac441da72be94c
x86_64	xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm	f35c428a6bb609c7297992dde6dbb5f02dd1597c478a0192fda3fdf2a1d3f947

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.