Release date:
2026-06-26 14:33:49 UTC
Description:
- CVE-2026-50256: increase XLFDMAXFONTNAMELEN and add bounds checks in doListFontsAndAliases/doListFontsWithInfo to prevent stack buffer overflow via long fonts.alias targets
- CVE-2026-50257: fix use-after-free in miSyncDestroyFence by using safe list iteration and null-checking pTrigger before dereferencing
- CVE-2026-50258: reject XkbSetMap key types with numLevels exceeding XkbMaxShiftLevel to prevent stack buffer overflow in XkbKeyTypesForCoreSymbols
- CVE-2026-50259: clamp nMaps to XkbMaxLegalKeyCode+1 in CheckKeyTypes to prevent stack buffer overflow when XkbSetMapResizeTypes wraps
- CVE-2026-50260: fix use-after-free in FreeCounter by using safe list iteration, advancing list head before callback, and NULL-ing out shared trigger pointers in FreeAwait
- CVE-2026-50261: restart trigger list iteration in SyncChangeCounter after TriggerFired to avoid dereferencing freed sibling-trigger nodes
- CVE-2026-50262: fix reversed length check in GLX ChangeDrawableAttributes by using REQUEST_FIXED_SIZE to prevent out-of-bounds read/write
- CVE-2026-50263: re-fetch screen private after CheckScreenPrivate in CreateSaverWindow to avoid use-after-free on saver-window replacement
Updated packages:
-
xorg-x11-server-Xwayland-21.1.3-7.el9.tuxcare.els16.i686.rpm
sha:1c37b2437dd130c757c165dd9feda3e1ad97cc319824cc412543503280351521
-
xorg-x11-server-Xwayland-21.1.3-7.el9.tuxcare.els16.x86_64.rpm
sha:5329b668144e5244138399726eab68a0a8aba6c750e8cde7cd10c9409b484ec4
-
xorg-x11-server-Xwayland-devel-21.1.3-7.el9.tuxcare.els16.i686.rpm
sha:e1deebbf3000b982c1a1bdb49245383cd519af101d10624929e5b79b45508fe2
-
xorg-x11-server-Xwayland-devel-21.1.3-7.el9.tuxcare.els16.x86_64.rpm
sha:6dbda50086af1086683cdb31ecbb7562377f865c31d8916553675496e7c99287
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.