Home / mailingsPDF  

[slackware-security] xorg-server (SSA:2026-154-04)

Posted on 04 June 2026
Slackware Security

[slackware-security] xorg-server (SSA:2026-154-04)

New xorg-server packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xorg-server-1.20.14-i586-20_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
patches/packages/xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xnest-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz: Rebuilt.
patches/packages/xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz: Rebuilt.
This update fixes security issues:
Font Alias Stack-based Buffer Overflow.
XSYNC Use-After-Free in miSyncDestroyFence().
XKB Key Types Stack-based Buffer Overflow.
XKB SetMap Request Stack-based Buffer Overflow.
XSYNC Use-After-Free in FreeCounter().
XSYNC Use-After-Free in SyncChangeCounter().
GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write.
CreateSaverWindow Use-After-Free Information Disclosure.
For more information, see:
https://lists.x.org/archives/xorg/2026-June/062239.html
Zero Day Initiative identifiers:
ZDI-CAN-30136
ZDI-CAN-30159
ZDI-CAN-30160
ZDI-CAN-30161
ZDI-CAN-30163
ZDI-CAN-30164
ZDI-CAN-30165
ZDI-CAN-30168
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.23-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.12-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.23-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.12-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 package:
cbfac0caca2fc2edd2228b857c15e2e9 xorg-server-1.20.14-i586-20_slack15.0.txz
989c3361e90dfd378821ea34e7751260 xorg-server-xephyr-1.20.14-i586-20_slack15.0.txz
06dd4ee0ce1689ee00e14b1766b31d5e xorg-server-xnest-1.20.14-i586-20_slack15.0.txz
2b1ed9bb753576011b1106d1d23b4321 xorg-server-xvfb-1.20.14-i586-20_slack15.0.txz
7f0369f809d460fc7dc1f6ea670fa3a3 xorg-server-xwayland-21.1.4-i586-18_slack15.0.txz

Slackware x86_64 15.0 package:
3549b9c524b4b2436be6e2e98a8bda08 xorg-server-1.20.14-x86_64-20_slack15.0.txz
46ee24c23d38fbb0553887380af8084b xorg-server-xephyr-1.20.14-x86_64-20_slack15.0.txz
83664609d51c656ce0de22db26b39a6f xorg-server-xnest-1.20.14-x86_64-20_slack15.0.txz
033150aaba698c643a1e83603fc954ce xorg-server-xvfb-1.20.14-x86_64-20_slack15.0.txz
7bb0e6fec7dd96f690a8a5da3d71fcc7 xorg-server-xwayland-21.1.4-x86_64-18_slack15.0.txz

Slackware -current package:
e3593e978a2b547489ef619c7f43418e x/xorg-server-21.1.23-i686-1.txz
cd72be47541994bc4daa892ce24b0822 x/xorg-server-xephyr-21.1.23-i686-1.txz
aa77f9979ebfc4695dd065b819e34c94 x/xorg-server-xnest-21.1.23-i686-1.txz
bebb97459412a7756dec668d20175f40 x/xorg-server-xvfb-21.1.23-i686-1.txz
9b89c94db354f501cce09a88458996c4 x/xorg-server-xwayland-24.1.12-i686-1.txz

Slackware x86_64 -current package:
192a9167288aab1a1cd01b853195e22f x/xorg-server-21.1.23-x86_64-1.txz
1c4cace35ff4c181ced324d04072d1c9 x/xorg-server-xephyr-21.1.23-x86_64-1.txz
079fe68315de3bf3fe8ed4474b4f6ca1 x/xorg-server-xnest-21.1.23-x86_64-1.txz
e8370dae55b2d59f4e8b10e707c9ac2a x/xorg-server-xvfb-21.1.23-x86_64-1.txz
631bad1a1d891e2f48224ad25a40d00f x/xorg-server-xwayland-24.1.12-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xorg-server-*.txz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

 

TOP

Mailings :

Exploits :