xwayland-24.1.8-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15684-1 Final 1 1 2025-10-29T00:00:00Z current 2025-10-29T00:00:00Z 2025-10-29T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xwayland-24.1.8-4.1 on GA media These are all security issues fixed in the xwayland-24.1.8-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15684 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-62229/ SUSE CVE CVE-2025-62229 page https://www.suse.com/security/cve/CVE-2025-62230/ SUSE CVE CVE-2025-62230 page https://www.suse.com/security/cve/CVE-2025-62231/ SUSE CVE CVE-2025-62231 page openSUSE Tumbleweed xwayland-24.1.8-4.1 xwayland-devel-24.1.8-4.1 xwayland-24.1.8-4.1 as a component of openSUSE Tumbleweed xwayland-devel-24.1.8-4.1 as a component of openSUSE Tumbleweed A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. CVE-2025-62229 openSUSE Tumbleweed:xwayland-24.1.8-4.1 openSUSE Tumbleweed:xwayland-devel-24.1.8-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62229.html CVE-2025-62229 https://bugzilla.suse.com/1251958 SUSE Bug 1251958 A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. CVE-2025-62230 openSUSE Tumbleweed:xwayland-24.1.8-4.1 openSUSE Tumbleweed:xwayland-devel-24.1.8-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62230.html CVE-2025-62230 https://bugzilla.suse.com/1251959 SUSE Bug 1251959 A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. CVE-2025-62231 openSUSE Tumbleweed:xwayland-24.1.8-4.1 openSUSE Tumbleweed:xwayland-devel-24.1.8-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62231.html CVE-2025-62231 https://bugzilla.suse.com/1251960 SUSE Bug 1251960