
ISN 2025-07: X.org Vulnerabilities

First published 27 March 2025

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

Several security vulnerabilities have been found in X.org, the display system used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

Three of the vulnerabilities found in X.org are of the use-after-free type, which may cause the X-Server to crash or may enable an attacker to execute code: CVE-2025-26594 (high), CVE-2025-26600 (high), and CVE-2025-26601 (high). Buffer overflows have been discovered in XkbVModMaskText() (CVE-2025-26595, high) and XkbChangeTypesOfKey() (CVE-2025-26597, high), while a heap overflow affects XkbWriteKeySyms() (CVE-2025-26596, high).

Additionally, an uninitialized pointer affects the compositor (CVE-2025-26599, high), and an out-of-bounds write has been found in CreatePointerBarrierClient() (CVE-2025-26598, high).

Update Instructions

  • OS 12: Update to the IGEL OS base system 12.7.0 when available.

  • OS 11: Update to IGEL OS 11.11.100 when available (planned for August).

References

X.Org Security Advisory: https://lists.x.org/archives/xorg-announce/2025-February/003584.html
