First published 29 April 2026
CVSS:3.1: 7.8 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple security vulnerabilities have been found in X.Org, a display server used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
A use-after-free issue has been found in XSYNC, the synchronization extension of X.Org. This could lead to a crash of the X server or the execution of arbitrary code (CVE-2026-34001), and IGEL rates this issue as high. In addition, the keyboard extension XKB is affected by some vulnerabilities also rated as high: An integer underflow in XkbSetCompatMap() (CVE-2026-33999), an out-of-bounds Read in CheckSetGeom() (CVE-2026-34000), an out-of-bounds read in CheckModifierMap() (CVE-2026-34002), and a buffer overflow in CheckKeyTypes() (CVE-2026-34003).
Update Instructions
-
OS 12: Upgrade to IGEL OS 12.8.1 as soon as it is available.
-
OS 11: Upgrade to IGEL OS 11.11.150 as soon as it is available.
References
-
X.Org Security Advisory: https://lists.x.org/archives/xorg-devel/2026-April/059446.html