Source: xorg-server
Version: 2:21.1.23-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2:21.1.16-1

Hi,

The following vulnerabilities were published for xorg-server.

CVE-2026-55999[0]:
| Local attackers with a X connection able to provide PCX fonts to the
| X  server xorg-server before 21.2.24 and xwayland before 24.1.13
| could  cause a heap buffer overflow via SetFont due to missing glyph
| boundary checks.


CVE-2026-56000[1]:
| Local attackers with a X connection able to provide GLX commit to
| the X server xorg-server before 21.2.24 and xwayland before 24.1.13
| could cause a Heap Use After Free, due to CommonMakeCurrent()
| pointing into potentially reallocated memory.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-55999
    https://www.cve.org/CVERecord?id=CVE-2026-55999
[1] https://security-tracker.debian.org/tracker/CVE-2026-56000
    https://www.cve.org/CVERecord?id=CVE-2026-56000
[2] https://www.openwall.com/lists/oss-security/2026/07/08/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply via email to