Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:20562: Important: xorg-x11-server-Xwayland security update

This security update addresses five vulnerabilities (CVE-2026-33999 through CVE-2026-34003) in Xwayland, primarily involving memory corruption issues like integer underflows, out-of-bounds reads, and use-after-free conditions within XKB handling, which can lead to denial of service, information disclosure, or potential server crashes. The CVSS scores for the specified CVEs range from Medium to High, with CVE-2026-33999 and CVE-2026-34001 rated at 7.8 (HIGH). The update applies to Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures, and affected systems should apply the patch referenced in the Red Hat advisory.

Red Hat Product Errata
RHSA-2026:20562 - Security Advisory
Issued: 2026-05-26
Updated: 2026-05-26

Synopsis
Important: xorg-x11-server-Xwayland security update

Type/Severity
Security Advisory: Important

Topic
An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
Xwayland is an X server for running X clients under Wayland.

Security Fix(es):
xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000)
xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling (CVE-2026-34002)
xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes
BZ - 2451106 - CVE-2026-33999 xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling
BZ - 2451107 - CVE-2026-34000 xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.
BZ - 2451109 - CVE-2026-34001 xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption
BZ - 2451112 - CVE-2026-34002 xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling
BZ - 2451113 - CVE-2026-34003 xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access

CVEs
CVE-2026-33999
CVE-2026-34000
CVE-2026-34001
CVE-2026-34002
CVE-2026-34003

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
Updated Packages

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
xorg-x11-server-Xwayland-21.1.3-5.el9_0.src.rpm
ppc64le
xorg-x11-server-Xwayland-21.1.3-5.el9_0.ppc64le.rpm
xorg-x11-server-Xwayland-debuginfo-21.1.3-5.el9_0.ppc64le.rpm
xorg-x11-server-Xwayland-debugsource-21.1.3-5.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
xorg-x11-server-Xwayland-21.1.3-5.el9_0.src.rpm
x86_64
xorg-x11-server-Xwayland-21.1.3-5.el9_0.x86_64.rpm
xorg-x11-server-Xwayland-debuginfo-21.1.3-5.el9_0.x86_64.rpm
xorg-x11-server-Xwayland-debugsource-21.1.3-5.el9_0.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0
SRPM
xorg-x11-server-Xwayland-21.1.3-5.el9_0.src.rpm
aarch64
xorg-x11-server-Xwayland-21.1.3-5.el9_0.aarch64.rpm
xorg-x11-server-Xwayland-debuginfo-21.1.3-5.el9_0.aarch64.rpm
xorg-x11-server-Xwayland-debugsource-21.1.3-5.el9_0.aarch64.rpm

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0
SRPM
xorg-x11-server-Xwayland-21.1.3-5.el9_0.src.rpm
s390x
xorg-x11-server-Xwayland-21.1.3-5.el9_0.s390x.rpm
xorg-x11-server-Xwayland-debuginfo-21.1.3-5.el9_0.s390x.rpm
xorg-x11-server-Xwayland-debugsource-21.1.3-5.el9_0.s390x.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
