Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:36083 - Security Advisory
Issued:
2026-07-07
Updated:
2026-07-07

RHSA-2026:36083 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: xorg-x11-server security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)
  • xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2485380 - CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch
  • BZ - 2485382 - CVE-2026-50257 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence()
  • BZ - 2485383 - CVE-2026-50258 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels
  • BZ - 2485384 - CVE-2026-50259 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing
  • BZ - 2485385 - CVE-2026-50260 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()
  • BZ - 2485386 - CVE-2026-50261 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()
  • BZ - 2485387 - CVE-2026-50262 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes
  • BZ - 2485388 - CVE-2026-50263 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow()
  • BZ - 2485389 - CVE-2026-50264 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

CVEs

  • CVE-2026-50256
  • CVE-2026-50257
  • CVE-2026-50258
  • CVE-2026-50259
  • CVE-2026-50260
  • CVE-2026-50261
  • CVE-2026-50262
  • CVE-2026-50263
  • CVE-2026-50264

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
xorg-x11-server-1.20.4-35.el7_9.src.rpm SHA-256: c3d7826b8d910cebcd008e996a50a6829c72283dca53dd72e76f5ca5bb443f73
x86_64
xorg-x11-server-Xdmx-1.20.4-35.el7_9.x86_64.rpm SHA-256: 1d4cfc59b26edb484e636ff880775a9e339ebd0ac31a9c887363a801e7122182
xorg-x11-server-Xephyr-1.20.4-35.el7_9.x86_64.rpm SHA-256: 9bfd727af721216b11febe511fc511f5e00dc014d5ebc96e136bd55211b34844
xorg-x11-server-Xnest-1.20.4-35.el7_9.x86_64.rpm SHA-256: 29fbb8d31b30b81c3d06d655e4d0302d84b412b59c27c0cb4f92b1043551205a
xorg-x11-server-Xorg-1.20.4-35.el7_9.x86_64.rpm SHA-256: ea54994b164893ff4e04227a3490f210dd71a5877fe3d7a7173b4c225964fe05
xorg-x11-server-Xvfb-1.20.4-35.el7_9.x86_64.rpm SHA-256: 7b87f75f0dcb5c84887bcaad9561394d732f8e7384f8f83b1574274bfe1e7396
xorg-x11-server-Xwayland-1.20.4-35.el7_9.x86_64.rpm SHA-256: 140e898f9bc48c19da4ccdc8a235cfcb966495809b19b9a4ffa939badd8254fd
xorg-x11-server-common-1.20.4-35.el7_9.x86_64.rpm SHA-256: a67bfce982dd19ac559510404fbc28f9de7c32ad71a0c20cedb4b9ddc8d19319
xorg-x11-server-debuginfo-1.20.4-35.el7_9.i686.rpm SHA-256: 776c0899118b30ed97aac34c3c750e1a6ba8359456e1073ce510034fe036c7cd
xorg-x11-server-debuginfo-1.20.4-35.el7_9.x86_64.rpm SHA-256: f531ac996b98e93ad3cb465808a32bb94e11c687d752947e153286c4e1a853d3
xorg-x11-server-debuginfo-1.20.4-35.el7_9.x86_64.rpm SHA-256: f531ac996b98e93ad3cb465808a32bb94e11c687d752947e153286c4e1a853d3
xorg-x11-server-devel-1.20.4-35.el7_9.i686.rpm SHA-256: b3af00c814b67f9a71038fd5e3684e063eade14d4a80e7405d231b328d0fcf5a
xorg-x11-server-devel-1.20.4-35.el7_9.x86_64.rpm SHA-256: 2c51792cd02b89ce43ef73f738465c739358ee50cb975ac41f882ea03e6c19b8
xorg-x11-server-source-1.20.4-35.el7_9.noarch.rpm SHA-256: ace73585e62c8939bab76b98759f7a507a85f7c50a5bb2ff2910e84a489b109b

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
xorg-x11-server-1.20.4-35.el7_9.src.rpm SHA-256: c3d7826b8d910cebcd008e996a50a6829c72283dca53dd72e76f5ca5bb443f73
s390x
xorg-x11-server-Xdmx-1.20.4-35.el7_9.s390x.rpm SHA-256: ba9aa9f7912e32e92d243362ade7ffb1e031006c301bb14d7feb2c3afaa3cd51
xorg-x11-server-Xephyr-1.20.4-35.el7_9.s390x.rpm SHA-256: 0556a6bec3a9a82e1a2844f1c551e93d0840816b0fd5fc75b102727cf795979b
xorg-x11-server-Xnest-1.20.4-35.el7_9.s390x.rpm SHA-256: c8736309767a95fd287eaf62e976f36bdba84790dd9eacf16e34a12bd27df27a
xorg-x11-server-Xvfb-1.20.4-35.el7_9.s390x.rpm SHA-256: ecddc506bdeb5aaf36885a7999277adb0328602f3f30cbffd36211f9d34ef886
xorg-x11-server-Xwayland-1.20.4-35.el7_9.s390x.rpm SHA-256: b81dc8f1217960f54257feb863b90ed0a791b5815a94ca5c585fc0744c5996b1
xorg-x11-server-common-1.20.4-35.el7_9.s390x.rpm SHA-256: 9175b3740b9ea610a893db34cbfeddbaeb8ba2c29f898b793eabf6731d07c486
xorg-x11-server-debuginfo-1.20.4-35.el7_9.s390x.rpm SHA-256: ac50321a4d969ae723ccf3c517320ee85447afae2a69cf13375ce38e44d56200
xorg-x11-server-debuginfo-1.20.4-35.el7_9.s390x.rpm SHA-256: ac50321a4d969ae723ccf3c517320ee85447afae2a69cf13375ce38e44d56200
xorg-x11-server-source-1.20.4-35.el7_9.noarch.rpm SHA-256: ace73585e62c8939bab76b98759f7a507a85f7c50a5bb2ff2910e84a489b109b

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
xorg-x11-server-1.20.4-35.el7_9.src.rpm SHA-256: c3d7826b8d910cebcd008e996a50a6829c72283dca53dd72e76f5ca5bb443f73
ppc64
xorg-x11-server-Xdmx-1.20.4-35.el7_9.ppc64.rpm SHA-256: 240d96a15a02e12e021205a5a2d6f198c26b8272c211ae86895a3a2020f89448
xorg-x11-server-Xephyr-1.20.4-35.el7_9.ppc64.rpm SHA-256: a02c3437fb62113717f260ad9abcf42c032c17e9c2202045ac91f91dd6ddd10a
xorg-x11-server-Xnest-1.20.4-35.el7_9.ppc64.rpm SHA-256: d394bfc8a0fe589b63828459b5a19bde52b7fe7286a804164b78dbd0531a530b
xorg-x11-server-Xorg-1.20.4-35.el7_9.ppc64.rpm SHA-256: c9f7b26fd23c33ddab06cafb60f34291d25da053736c60ff97da86a4c1fad57e
xorg-x11-server-Xvfb-1.20.4-35.el7_9.ppc64.rpm SHA-256: 9672e6a1881c20f07b2b71ca0acd4152ca6f9146009468f66094cfbd13896743
xorg-x11-server-Xwayland-1.20.4-35.el7_9.ppc64.rpm SHA-256: d6b30e2a40468ca2913e2669793a5f727a54d9ec6ef2bc1aed945116dfb21a28
xorg-x11-server-common-1.20.4-35.el7_9.ppc64.rpm SHA-256: 12e5a79b56253b14ab128b02f189c78470feba8373aabf68eb468ea789ba75e9
xorg-x11-server-debuginfo-1.20.4-35.el7_9.ppc.rpm SHA-256: f75944b9e6b2d75cb715dc71423a68a5db10edd3267ec66a2855cf5635aeec67
xorg-x11-server-debuginfo-1.20.4-35.el7_9.ppc64.rpm SHA-256: cde362158dde35d933120340a5c0f44eec25dcd6c4bfaa2e9490aa8a3abef60a
xorg-x11-server-debuginfo-1.20.4-35.el7_9.ppc64.rpm SHA-256: cde362158dde35d933120340a5c0f44eec25dcd6c4bfaa2e9490aa8a3abef60a
xorg-x11-server-devel-1.20.4-35.el7_9.ppc.rpm SHA-256: 01369aac0dd629534953006009e7bca2f1b98b185d13834d4fcd21fff2ce83c2
xorg-x11-server-devel-1.20.4-35.el7_9.ppc64.rpm SHA-256: ea6e053b35b72af0333bd9bca019dfdb1fe77096db869c999dd05a31688aabc6
xorg-x11-server-source-1.20.4-35.el7_9.noarch.rpm SHA-256: ace73585e62c8939bab76b98759f7a507a85f7c50a5bb2ff2910e84a489b109b

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
xorg-x11-server-1.20.4-35.el7_9.src.rpm SHA-256: c3d7826b8d910cebcd008e996a50a6829c72283dca53dd72e76f5ca5bb443f73
ppc64le
xorg-x11-server-Xdmx-1.20.4-35.el7_9.ppc64le.rpm SHA-256: 0f438fb82c94a73624b996015656efd321a0ebee8cbc051c99584844dafc2381
xorg-x11-server-Xephyr-1.20.4-35.el7_9.ppc64le.rpm SHA-256: ae47778fdc7fdd12d3013ce179f65a8934f450f13afd6f09fef6d4d872dafeaf
xorg-x11-server-Xnest-1.20.4-35.el7_9.ppc64le.rpm SHA-256: b87782bd04f586be1c9960ea34b5e490270ccda5d5a21d3222facbdd34f2893e
xorg-x11-server-Xorg-1.20.4-35.el7_9.ppc64le.rpm SHA-256: ee0f9b2c7f956933e7a7bb85ff43520dcdce51c645cbd7f96102925a90707d66
xorg-x11-server-Xvfb-1.20.4-35.el7_9.ppc64le.rpm SHA-256: a35723b517901e504a86110cd180a58b5860e51499de863d80399ef5df83d3c5
xorg-x11-server-Xwayland-1.20.4-35.el7_9.ppc64le.rpm SHA-256: cc1b6cc96a7cac71333cab0077377a9227eead8290824e44c47898ef904a40e5
xorg-x11-server-common-1.20.4-35.el7_9.ppc64le.rpm SHA-256: aba88e2d1af418d82269d9c4fbe8ed6bc8d539a149b148fc5f136344f8db4fb4
xorg-x11-server-debuginfo-1.20.4-35.el7_9.ppc64le.rpm SHA-256: fabc894e310bd95f7dff6a1f9dd8dc5e958a50b4fdadbf08767a73b84c2dfbc3
xorg-x11-server-debuginfo-1.20.4-35.el7_9.ppc64le.rpm SHA-256: fabc894e310bd95f7dff6a1f9dd8dc5e958a50b4fdadbf08767a73b84c2dfbc3
xorg-x11-server-devel-1.20.4-35.el7_9.ppc64le.rpm SHA-256: 1f660fc033ada3a317fb3b867ab6ea53fce8462833e120ca39bb9c954d94c5a3
xorg-x11-server-source-1.20.4-35.el7_9.noarch.rpm SHA-256: ace73585e62c8939bab76b98759f7a507a85f7c50a5bb2ff2910e84a489b109b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility