Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3865-1 Final 1 1 2025-10-30T13:40:16Z current 2025-10-30T13:40:16Z 2025-10-30T13:40:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) - Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) - Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/kiosk/xorg:latest-2025-3865,SUSE-2025-3865,SUSE-SLE-Module-Basesystem-15-SP7-2025-3865,SUSE-SLE-Module-Development-Tools-15-SP7-2025-3865 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253865-1/ Link for SUSE-SU-2025:3865-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/023092.html E-Mail link for SUSE-SU-2025:3865-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251958 SUSE Bug 1251958 https://bugzilla.suse.com/1251959 SUSE Bug 1251959 https://bugzilla.suse.com/1251960 SUSE Bug 1251960 https://www.suse.com/security/cve/CVE-2025-62229/ SUSE CVE CVE-2025-62229 page https://www.suse.com/security/cve/CVE-2025-62230/ SUSE CVE CVE-2025-62230 page https://www.suse.com/security/cve/CVE-2025-62231/ SUSE CVE CVE-2025-62231 page Container suse/kiosk/xorg:latest SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Development Tools 15 SP7 xorg-x11-server-21.1.15-150700.5.11.1 xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 xorg-x11-server-extra-21.1.15-150700.5.11.1 xorg-x11-server-sdk-21.1.15-150700.5.11.1 xorg-x11-server-source-21.1.15-150700.5.11.1 xorg-x11-server-21.1.15-150700.5.11.1 as a component of Container suse/kiosk/xorg:latest xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 as a component of Container suse/kiosk/xorg:latest xorg-x11-server-21.1.15-150700.5.11.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 xorg-x11-server-extra-21.1.15-150700.5.11.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 xorg-x11-server-sdk-21.1.15-150700.5.11.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP7 A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. CVE-2025-62229 Container suse/kiosk/xorg:latest:xorg-x11-server-21.1.15-150700.5.11.1 Container suse/kiosk/xorg:latest:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-extra-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:xorg-x11-server-sdk-21.1.15-150700.5.11.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253865-1/ https://www.suse.com/security/cve/CVE-2025-62229.html CVE-2025-62229 https://bugzilla.suse.com/1251958 SUSE Bug 1251958 A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. CVE-2025-62230 Container suse/kiosk/xorg:latest:xorg-x11-server-21.1.15-150700.5.11.1 Container suse/kiosk/xorg:latest:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-extra-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:xorg-x11-server-sdk-21.1.15-150700.5.11.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253865-1/ https://www.suse.com/security/cve/CVE-2025-62230.html CVE-2025-62230 https://bugzilla.suse.com/1251959 SUSE Bug 1251959 A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. CVE-2025-62231 Container suse/kiosk/xorg:latest:xorg-x11-server-21.1.15-150700.5.11.1 Container suse/kiosk/xorg:latest:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:xorg-x11-server-extra-21.1.15-150700.5.11.1 SUSE Linux Enterprise Module for Development Tools 15 SP7:xorg-x11-server-sdk-21.1.15-150700.5.11.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253865-1/ https://www.suse.com/security/cve/CVE-2025-62231.html CVE-2025-62231 https://bugzilla.suse.com/1251960 SUSE Bug 1251960