Issued:: 2026-05-26
Updated:: 2026-05-26

RHSA-2026:20560 - Security Advisory

Overview
Updated Packages

Synopsis

Important: xorg-x11-server-Xwayland security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000)
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling (CVE-2026-34002)
xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
BZ - 2451107 - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.
BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
BZ - 2451112 - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling
BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
x86_64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 7a3224c884dc2d5936f9c5660a9dc977931cc0aeb8f3e378c3b433f8d61b7592
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.x86_64.rpm	SHA-256: ded806902ef423ec26e04e5456eb4ef5ebb166818dda0fb2a9911fa053c3ba7a
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 52e8716bd1c4d1b86804c962c38cfe915bff1e516e059d6da007c770e9c7fdc7

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
x86_64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 7a3224c884dc2d5936f9c5660a9dc977931cc0aeb8f3e378c3b433f8d61b7592
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.x86_64.rpm	SHA-256: ded806902ef423ec26e04e5456eb4ef5ebb166818dda0fb2a9911fa053c3ba7a
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 52e8716bd1c4d1b86804c962c38cfe915bff1e516e059d6da007c770e9c7fdc7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
s390x
xorg-x11-server-Xwayland-22.1.9-8.el9_4.s390x.rpm	SHA-256: 01c4416a7de9de6bb7f7431152fc4e496daf41aef7f5c7fa47d3163e084b3eec
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.s390x.rpm	SHA-256: bea451736606f832bea5fe2d5527812b34479255f7cf87fe3db057d6332abb81
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.s390x.rpm	SHA-256: 191e06832ad88b1f969cc973caf1b421421fc773e4abebfd7e24d44f260b9e55

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
ppc64le
xorg-x11-server-Xwayland-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: d360ff3e27a7b01535bacd7935738516e8fcf79546f78fd16255d6e4d6757b6a
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 69129c3cd8713ee6d1e06740ed5fbe73dfa34b45e1d808daf14338cd6f3ad31b
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 58e214c511f22b0a8ee6caad08c5913d728d2a3bef84221eb359a4f3dbfa6718

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
aarch64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.aarch64.rpm	SHA-256: cba3e3753903a884d29f13c4fefb243f8cd1e9cb869103998b72396ab472319b
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.aarch64.rpm	SHA-256: c81b9641fedb327ea6d4b8ccb425b9b18c3131ebc63b77e587a8920103d5830e
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.aarch64.rpm	SHA-256: 3349b25414f41de2d980807ab1c0b9437423c3fffc6f8c006b6c0a0000a13a2a

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
ppc64le
xorg-x11-server-Xwayland-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: d360ff3e27a7b01535bacd7935738516e8fcf79546f78fd16255d6e4d6757b6a
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 69129c3cd8713ee6d1e06740ed5fbe73dfa34b45e1d808daf14338cd6f3ad31b
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 58e214c511f22b0a8ee6caad08c5913d728d2a3bef84221eb359a4f3dbfa6718

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
x86_64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 7a3224c884dc2d5936f9c5660a9dc977931cc0aeb8f3e378c3b433f8d61b7592
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.x86_64.rpm	SHA-256: ded806902ef423ec26e04e5456eb4ef5ebb166818dda0fb2a9911fa053c3ba7a
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 52e8716bd1c4d1b86804c962c38cfe915bff1e516e059d6da007c770e9c7fdc7

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
aarch64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.aarch64.rpm	SHA-256: cba3e3753903a884d29f13c4fefb243f8cd1e9cb869103998b72396ab472319b
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.aarch64.rpm	SHA-256: c81b9641fedb327ea6d4b8ccb425b9b18c3131ebc63b77e587a8920103d5830e
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.aarch64.rpm	SHA-256: 3349b25414f41de2d980807ab1c0b9437423c3fffc6f8c006b6c0a0000a13a2a

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
s390x
xorg-x11-server-Xwayland-22.1.9-8.el9_4.s390x.rpm	SHA-256: 01c4416a7de9de6bb7f7431152fc4e496daf41aef7f5c7fa47d3163e084b3eec
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.s390x.rpm	SHA-256: bea451736606f832bea5fe2d5527812b34479255f7cf87fe3db057d6332abb81
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.s390x.rpm	SHA-256: 191e06832ad88b1f969cc973caf1b421421fc773e4abebfd7e24d44f260b9e55

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
x86_64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 7a3224c884dc2d5936f9c5660a9dc977931cc0aeb8f3e378c3b433f8d61b7592
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.x86_64.rpm	SHA-256: ded806902ef423ec26e04e5456eb4ef5ebb166818dda0fb2a9911fa053c3ba7a
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.x86_64.rpm	SHA-256: 52e8716bd1c4d1b86804c962c38cfe915bff1e516e059d6da007c770e9c7fdc7

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
aarch64
xorg-x11-server-Xwayland-22.1.9-8.el9_4.aarch64.rpm	SHA-256: cba3e3753903a884d29f13c4fefb243f8cd1e9cb869103998b72396ab472319b
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.aarch64.rpm	SHA-256: c81b9641fedb327ea6d4b8ccb425b9b18c3131ebc63b77e587a8920103d5830e
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.aarch64.rpm	SHA-256: 3349b25414f41de2d980807ab1c0b9437423c3fffc6f8c006b6c0a0000a13a2a

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
ppc64le
xorg-x11-server-Xwayland-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: d360ff3e27a7b01535bacd7935738516e8fcf79546f78fd16255d6e4d6757b6a
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 69129c3cd8713ee6d1e06740ed5fbe73dfa34b45e1d808daf14338cd6f3ad31b
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.ppc64le.rpm	SHA-256: 58e214c511f22b0a8ee6caad08c5913d728d2a3bef84221eb359a4f3dbfa6718

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
xorg-x11-server-Xwayland-22.1.9-8.el9_4.src.rpm	SHA-256: 4be14738573af6037df86c340297318315511d47a6a6351b00072d62b206f245
s390x
xorg-x11-server-Xwayland-22.1.9-8.el9_4.s390x.rpm	SHA-256: 01c4416a7de9de6bb7f7431152fc4e496daf41aef7f5c7fa47d3163e084b3eec
xorg-x11-server-Xwayland-debuginfo-22.1.9-8.el9_4.s390x.rpm	SHA-256: bea451736606f832bea5fe2d5527812b34479255f7cf87fe3db057d6332abb81
xorg-x11-server-Xwayland-debugsource-22.1.9-8.el9_4.s390x.rpm	SHA-256: 191e06832ad88b1f969cc973caf1b421421fc773e4abebfd7e24d44f260b9e55

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation