xorg-x11-server-Xwayland-24.1.9-4.el9_8

エラータID: AXSA:2026-1215:05

Release date: 
Wednesday, July 8, 2026 - 14:19
Subject: 
xorg-x11-server-Xwayland-24.1.9-4.el9_8
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-Xwayland-24.1.9-4.el9_8.src.rpm
    MD5: bf88babf026cf6991aa426388d1e195a
    SHA-256: 49624831b3cd7174a84689097db2fd3031efb17af1941d0542705eb5b332ca20
    Size: 1.27 MB

Asianux Server 9 for x86_64
  1. xorg-x11-server-Xwayland-24.1.9-4.el9_8.i686.rpm
    MD5: 641c8301165b00c8fd2d17a472824e6d
    SHA-256: a347ec90af09ff5a47fe4399333c8c38138e6527f780eabc44a80c133ebac9ec
    Size: 1.02 MB
  2. xorg-x11-server-Xwayland-24.1.9-4.el9_8.x86_64.rpm
    MD5: 2947db5957a3e2af6e4ce8195f72dfe5
    SHA-256: 2b4dfcfe900521698a0775cc8b47019d60d09fc38aabcbca74da6ac0367c3e11
    Size: 0.98 MB
  3. xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.i686.rpm
    MD5: 24fb8397776f6a3f02cbaa68f4e629dc
    SHA-256: a88dde1159c2798ee81d2381f077093510e596513e561dca37b865b7548dff6b
    Size: 8.98 kB
  4. xorg-x11-server-Xwayland-devel-24.1.9-4.el9_8.x86_64.rpm
    MD5: 1eb8ddc57a68cbb65e6b197535842feb
    SHA-256: 8b6847498bce06a4c55a66842ae3437880f82e07658984dda360b68352fa7bec
    Size: 8.96 kB