ALAS2023-2026-1790

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1790
Advisory Released Date: 2026-06-08
Advisory Updated Date: 2026-06-09

Severity: Important

References: CVE-2026-50256 CVE-2026-50258 CVE-2026-50259 CVE-2026-50261 CVE-2026-50262 CVE-2026-50263 CVE-2026-50264
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. (CVE-2026-50256)

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root. (CVE-2026-50258)

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root. (CVE-2026-50259)

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root. (CVE-2026-50261)

Multiple issues have been found in the X server and Xwayland implementations published by X.Org for which we are releasing security fixes for in xorg-server-21.1.23 and xwayland-24.1.12. (CVE-2026-50262)

A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure. (CVE-2026-50263)

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root. (CVE-2026-50264)

Affected Packages:

xorg-x11-server

Issue Correction:
Run dnf update xorg-x11-server --releasever 2023.12.20260608 or dnf update --advisory ALAS2023-2026-1790 --releasever 2023.12.20260608 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.10.aarch64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.10.aarch64

noarch:
    xorg-x11-server-source-21.1.13-5.amzn2023.0.10.noarch

src:
    xorg-x11-server-21.1.13-5.amzn2023.0.10.src

x86_64:
    xorg-x11-server-Xvfb-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xorg-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xephyr-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-common-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xvfb-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-debugsource-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xnest-debuginfo-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-devel-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xephyr-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xnest-21.1.13-5.amzn2023.0.10.x86_64
    xorg-x11-server-Xorg-21.1.13-5.amzn2023.0.10.x86_64

Changelog:

2026-06-09: CVE-2026-50261 was added to this advisory.

2026-06-09: CVE-2026-50258 was added to this advisory.

2026-06-09: CVE-2026-50263 was added to this advisory.

2026-06-09: CVE-2026-50262 was added to this advisory.

2026-06-09: CVE-2026-50264 was added to this advisory.

2026-06-09: CVE-2026-50256 was added to this advisory.

2026-06-09: CVE-2026-50259 was added to this advisory.

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2026-50256, CVE-2026-50258, CVE-2026-50259, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264

Mitre: CVE-2026-50256, CVE-2026-50258, CVE-2026-50259, CVE-2026-50261, CVE-2026-50262, CVE-2026-50263, CVE-2026-50264