Red Hat Product Errata RHSA-2026:11656 - Security Advisory
Issued:
2026-04-29
Updated:
2026-04-29

RHSA-2026:11656 - Security Advisory

Synopsis

Important: xorg-x11-server-Xwayland security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

  • xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
  • xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
  • xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
  • BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
  • BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

Red Hat Enterprise Linux for x86_64 8

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
x86_64
xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm SHA-256: 00339940f4fa4fad0850e6dab0156abba76670ada39a84fffa9ba058fca36741
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.x86_64.rpm SHA-256: 7f35b1f61c6a649aed1c44ac001f185fa54951f851134e094eba773e35563dbe
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.x86_64.rpm SHA-256: d154dff065328ab936b9255b12c1141769de9476d8151e38a454d4f7f4f72be1

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
s390x
xorg-x11-server-Xwayland-21.1.3-20.el8_10.s390x.rpm SHA-256: d804575ac94d731af248a46f0875a5b5bf844234dab0ff9534b88c665e05a14c
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.s390x.rpm SHA-256: 15ccd9a755ad894aa17fe9fb8aa8efe618c4a4666715f68b70b6eb81d094a0b0
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.s390x.rpm SHA-256: bdf26aee270496f230e0740ae0f62e214b0145c10358569ec47f02f9bd2f09f1

Red Hat Enterprise Linux for Power, little endian 8

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
ppc64le
xorg-x11-server-Xwayland-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 1a9d48b528de2774c949341e16c2b2daa6cf20f210729537dbe7790d246914c3
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 7bf4e449a5ea8766e5922a63dbe146c67482c1b694bfbcc341cc263b51c2a444
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 17e50aa7fa1469fdbde5d255fc29149c0b2e2bd0e67a3b2eedcaedd4dddfe65d

Red Hat Enterprise Linux for ARM 64 8

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
aarch64
xorg-x11-server-Xwayland-21.1.3-20.el8_10.aarch64.rpm SHA-256: 9820051ca6d74a567399b8d2b9a99b64480c71e3cf43abd98625271aa15ce7e9
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.aarch64.rpm SHA-256: 14f5bdf02a9ebdb9f1a0b7a54bc6db402cfc89e0e5732fe6da2c30ea9b65da41
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.aarch64.rpm SHA-256: 946fd2615d6de0493be49e390ceb75d7d88bed3e5f1156de9ef856ad3b0f8d3e

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
x86_64
xorg-x11-server-Xwayland-21.1.3-20.el8_10.x86_64.rpm SHA-256: 00339940f4fa4fad0850e6dab0156abba76670ada39a84fffa9ba058fca36741
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.x86_64.rpm SHA-256: 7f35b1f61c6a649aed1c44ac001f185fa54951f851134e094eba773e35563dbe
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.x86_64.rpm SHA-256: d154dff065328ab936b9255b12c1141769de9476d8151e38a454d4f7f4f72be1

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
aarch64
xorg-x11-server-Xwayland-21.1.3-20.el8_10.aarch64.rpm SHA-256: 9820051ca6d74a567399b8d2b9a99b64480c71e3cf43abd98625271aa15ce7e9
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.aarch64.rpm SHA-256: 14f5bdf02a9ebdb9f1a0b7a54bc6db402cfc89e0e5732fe6da2c30ea9b65da41
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.aarch64.rpm SHA-256: 946fd2615d6de0493be49e390ceb75d7d88bed3e5f1156de9ef856ad3b0f8d3e

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
ppc64le
xorg-x11-server-Xwayland-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 1a9d48b528de2774c949341e16c2b2daa6cf20f210729537dbe7790d246914c3
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 7bf4e449a5ea8766e5922a63dbe146c67482c1b694bfbcc341cc263b51c2a444
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.ppc64le.rpm SHA-256: 17e50aa7fa1469fdbde5d255fc29149c0b2e2bd0e67a3b2eedcaedd4dddfe65d

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
xorg-x11-server-Xwayland-21.1.3-20.el8_10.src.rpm SHA-256: 0f7e2231024fee3775ed29a90aab9359a86ea1e49b2b3830ac386bef77cb637d
s390x
xorg-x11-server-Xwayland-21.1.3-20.el8_10.s390x.rpm SHA-256: d804575ac94d731af248a46f0875a5b5bf844234dab0ff9534b88c665e05a14c
xorg-x11-server-Xwayland-debuginfo-21.1.3-20.el8_10.s390x.rpm SHA-256: 15ccd9a755ad894aa17fe9fb8aa8efe618c4a4666715f68b70b6eb81d094a0b0
xorg-x11-server-Xwayland-debugsource-21.1.3-20.el8_10.s390x.rpm SHA-256: bdf26aee270496f230e0740ae0f62e214b0145c10358569ec47f02f9bd2f09f1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.