Security update for xorg-x11-server SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3909-1 Final 1 1 2025-11-02T12:16:51Z current 2025-11-02T12:16:51Z 2025-11-02T12:16:51Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xorg-x11-server This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) * Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) * Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3909,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3909,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3909,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3909,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3909,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3909,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3909 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253909-1/ Link for SUSE-SU-2025:3909-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023137.html E-Mail link for SUSE-SU-2025:3909-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251958 SUSE Bug 1251958 https://bugzilla.suse.com/1251959 SUSE Bug 1251959 https://bugzilla.suse.com/1251960 SUSE Bug 1251960 https://www.suse.com/security/cve/CVE-2025-62229/ SUSE CVE CVE-2025-62229 page https://www.suse.com/security/cve/CVE-2025-62230/ SUSE CVE CVE-2025-62230 page https://www.suse.com/security/cve/CVE-2025-62231/ SUSE CVE CVE-2025-62231 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy LTS 4.3 SUSE Manager Server LTS 4.3 xorg-x11-server-1.20.3-150400.38.63.1 xorg-x11-server-extra-1.20.3-150400.38.63.1 xorg-x11-server-sdk-1.20.3-150400.38.63.1 xorg-x11-server-source-1.20.3-150400.38.63.1 xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS xorg-x11-server-sdk-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS xorg-x11-server-sdk-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS xorg-x11-server-sdk-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 xorg-x11-server-sdk-1.20.3-150400.38.63.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Manager Proxy LTS 4.3 xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Manager Proxy LTS 4.3 xorg-x11-server-1.20.3-150400.38.63.1 as a component of SUSE Manager Server LTS 4.3 xorg-x11-server-extra-1.20.3-150400.38.63.1 as a component of SUSE Manager Server LTS 4.3 A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an attacker to execute arbitrary code or cause a denial of service. CVE-2025-62229 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253909-1/ https://www.suse.com/security/cve/CVE-2025-62229.html CVE-2025-62229 https://bugzilla.suse.com/1251958 SUSE Bug 1251958 A flaw was discovered in the X.Org X server's X Keyboard (Xkb) extension when handling client resource cleanup. The software frees certain data structures without properly detaching related resources, leading to a use-after-free condition. This can cause memory corruption or a crash when affected clients disconnect. CVE-2025-62230 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253909-1/ https://www.suse.com/security/cve/CVE-2025-62230.html CVE-2025-62230 https://bugzilla.suse.com/1251959 SUSE Bug 1251959 A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash. CVE-2025-62231 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server 15 SP4-LTSS:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:xorg-x11-server-sdk-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Proxy LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-1.20.3-150400.38.63.1 SUSE Manager Server LTS 4.3:xorg-x11-server-extra-1.20.3-150400.38.63.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253909-1/ https://www.suse.com/security/cve/CVE-2025-62231.html CVE-2025-62231 https://bugzilla.suse.com/1251960 SUSE Bug 1251960