An update for libxkbfile is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1256 Final 1.0 1.0 2025-03-07 Initial 2025-03-07 2025-03-07 openEuler SA Tool V1.0 2025-03-07 libxkbfile security update An update for libxkbfile is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 Libxkbfile is used by the X servers and utilities to parse the XKB configuration data files. Security Fix(es): A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.(CVE-2025-26595) An update for libxkbfile is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libxkbfile https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1256 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-26595 https://nvd.nist.gov/vuln/detail/CVE-2025-26595 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 libxkbfile-1.1.0-6.oe2203sp3.x86_64.rpm libxkbfile-debuginfo-1.1.0-6.oe2203sp3.x86_64.rpm libxkbfile-debugsource-1.1.0-6.oe2203sp3.x86_64.rpm libxkbfile-devel-1.1.0-6.oe2203sp3.x86_64.rpm libxkbfile-1.1.0-6.oe2203sp4.x86_64.rpm libxkbfile-debuginfo-1.1.0-6.oe2203sp4.x86_64.rpm libxkbfile-debugsource-1.1.0-6.oe2203sp4.x86_64.rpm libxkbfile-devel-1.1.0-6.oe2203sp4.x86_64.rpm libxkbfile-1.1.2-2.oe2403.x86_64.rpm libxkbfile-debuginfo-1.1.2-2.oe2403.x86_64.rpm libxkbfile-debugsource-1.1.2-2.oe2403.x86_64.rpm libxkbfile-devel-1.1.2-2.oe2403.x86_64.rpm libxkbfile-1.1.2-2.oe2403sp1.x86_64.rpm libxkbfile-debuginfo-1.1.2-2.oe2403sp1.x86_64.rpm libxkbfile-debugsource-1.1.2-2.oe2403sp1.x86_64.rpm libxkbfile-devel-1.1.2-2.oe2403sp1.x86_64.rpm libxkbfile-1.1.0-5.oe2003sp4.x86_64.rpm libxkbfile-debuginfo-1.1.0-5.oe2003sp4.x86_64.rpm libxkbfile-debugsource-1.1.0-5.oe2003sp4.x86_64.rpm libxkbfile-devel-1.1.0-5.oe2003sp4.x86_64.rpm libxkbfile-1.1.0-6.oe2203sp3.aarch64.rpm libxkbfile-debuginfo-1.1.0-6.oe2203sp3.aarch64.rpm libxkbfile-debugsource-1.1.0-6.oe2203sp3.aarch64.rpm libxkbfile-devel-1.1.0-6.oe2203sp3.aarch64.rpm libxkbfile-1.1.0-6.oe2203sp4.aarch64.rpm libxkbfile-debuginfo-1.1.0-6.oe2203sp4.aarch64.rpm libxkbfile-debugsource-1.1.0-6.oe2203sp4.aarch64.rpm libxkbfile-devel-1.1.0-6.oe2203sp4.aarch64.rpm libxkbfile-1.1.2-2.oe2403.aarch64.rpm libxkbfile-debuginfo-1.1.2-2.oe2403.aarch64.rpm libxkbfile-debugsource-1.1.2-2.oe2403.aarch64.rpm libxkbfile-devel-1.1.2-2.oe2403.aarch64.rpm libxkbfile-1.1.2-2.oe2403sp1.aarch64.rpm libxkbfile-debuginfo-1.1.2-2.oe2403sp1.aarch64.rpm libxkbfile-debugsource-1.1.2-2.oe2403sp1.aarch64.rpm libxkbfile-devel-1.1.2-2.oe2403sp1.aarch64.rpm libxkbfile-1.1.0-5.oe2003sp4.aarch64.rpm libxkbfile-debuginfo-1.1.0-5.oe2003sp4.aarch64.rpm libxkbfile-debugsource-1.1.0-5.oe2003sp4.aarch64.rpm libxkbfile-devel-1.1.0-5.oe2003sp4.aarch64.rpm libxkbfile-1.1.0-6.oe2203sp3.src.rpm libxkbfile-1.1.0-6.oe2203sp4.src.rpm libxkbfile-1.1.2-2.oe2403.src.rpm libxkbfile-1.1.2-2.oe2403sp1.src.rpm libxkbfile-1.1.0-5.oe2003sp4.src.rpm A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size. 2025-03-07 CVE-2025-26595 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H libxkbfile security update 2025-03-07 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1256