Security update for libxkbfile SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0818-1 Final 1 1 2025-03-10T13:59:44Z current 2025-03-10T13:59:44Z 2025-03-10T13:59:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libxkbfile This update for libxkbfile fixes the following issues: - CVE-2025-26595: Fixed buffer overflow in XkbVModMaskText() (bsc#1237429). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES12-SP5-EC2-SAP-BYOS-2025-818,Image SLES12-SP5-EC2-SAP-On-Demand-2025-818,SUSE-2025-818,SUSE-SLE-SERVER-12-SP5-LTSS-2025-818,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-818 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250818-1/ Link for SUSE-SU-2025:0818-1 https://lists.suse.com/pipermail/sle-security-updates/2025-March/020494.html E-Mail link for SUSE-SU-2025:0818-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237429 SUSE Bug 1237429 https://www.suse.com/security/cve/CVE-2025-26595/ SUSE CVE CVE-2025-26595 page Image SLES12-SP5-EC2-SAP-BYOS Image SLES12-SP5-EC2-SAP-On-Demand SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxkbfile1-1.0.8-12.3.1 libxkbfile-devel-1.0.8-12.3.1 libxkbfile-devel-32bit-1.0.8-12.3.1 libxkbfile-devel-64bit-1.0.8-12.3.1 libxkbfile1-32bit-1.0.8-12.3.1 libxkbfile1-64bit-1.0.8-12.3.1 libxkbfile1-1.0.8-12.3.1 as a component of Image SLES12-SP5-EC2-SAP-BYOS libxkbfile1-1.0.8-12.3.1 as a component of Image SLES12-SP5-EC2-SAP-On-Demand libxkbfile-devel-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxkbfile1-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxkbfile1-32bit-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libxkbfile-devel-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxkbfile1-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libxkbfile1-32bit-1.0.8-12.3.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. CVE-2025-26595 Image SLES12-SP5-EC2-SAP-BYOS:libxkbfile1-1.0.8-12.3.1 Image SLES12-SP5-EC2-SAP-On-Demand:libxkbfile1-1.0.8-12.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxkbfile-devel-1.0.8-12.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxkbfile1-1.0.8-12.3.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libxkbfile1-32bit-1.0.8-12.3.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxkbfile-devel-1.0.8-12.3.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxkbfile1-1.0.8-12.3.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libxkbfile1-32bit-1.0.8-12.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250818-1/ https://www.suse.com/security/cve/CVE-2025-26595.html CVE-2025-26595 https://bugzilla.suse.com/1237429 SUSE Bug 1237429