Fedora 44 Security Updates Address Multiple Vulnerabilities in Xwayland and X Server
Severity: High (Score: 60.6)
Sources: Linuxsecurity
Published: · Updated:
Keywords: security, update, fixes, zdi-can-30136, fedora, xwayland, zdi-can-30159
Severity indicators: critical
Summary
On June 2, 2026, Fedora released critical updates for its Xwayland and X server components, addressing multiple security vulnerabilities identified as ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165, and ZDI-CAN-30168. The updates include Xwayland version 24.1.12 and xserver version 21.1.23. These vulnerabilities could potentially allow unauthorized access or exploitation of systems running Fedora 44. Users are advised to apply the updates immediately to mitigate risks associated with these vulnerabilities. The updates can be installed using the 'dnf' package manager. The vulnerabilities were reported by the Zero Day Initiative (ZDI). Current status indicates that the updates are available and should be prioritized by system administrators. Key Points: • Fedora 44 updates released for Xwayland and X server addressing multiple vulnerabilities. • Vulnerabilities include ZDI-CAN-30136 through ZDI-CAN-30168, affecting Fedora 44 systems. • System administrators are urged to apply updates immediately to mitigate potential exploitation.
Detailed Analysis
**Impact** Users of Fedora 44 running X.Org X11 X server and Xwayland are affected by multiple security vulnerabilities. These updates address critical flaws that could impact any sector relying on Fedora 44 for graphical display services, potentially affecting desktop and server environments globally. No specific data breach or exploitation details are provided, but unpatched systems remain at risk of compromise through these vulnerabilities. **Technical Details** The updates address security issues identified by ZDI-CAN advisories 30136, 30159, 30160, 30161, 30163, 30164, 30165, and 30168 affecting xorg-x11-server (version 21.1.23) and xwayland (version 24.1.12). The vulnerabilities reside in the X.Org X11 X server and Xwayland components, which handle graphical client-server interactions under Wayland. No specific attack vectors, malware, or IOCs are detailed in the articles. **Recommended Response** Apply the Fedora 44 security updates immediately using the dnf package manager with advisories FEDORA-2026-7e38f57cef for xorg-x11-server and FEDORA-2026-f98eff99c4 for xwayland. Monitor for unusual graphical session behaviors or unauthorized access attempts. Harden system configurations related to X server access controls and maintain updated intrusion detection signatures where applicable.
Source articles (2)
- Fedora 44 xorg-x11-server Key Security Updates ZDI-CAN-30136 — Linuxsecurity · 2026-06-03
Update to xserver 21.1.23, security fixes for: ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165, ZDI-CAN-30168 * Tue Jun 2 2026 Peter Hutterer -… - Fedora 44 Xwayland Critical Update Security Fixes ZDI-CAN — Linuxsecurity · 2026-06-04
Update to xwayland 24.1.12, security fixes for ZDI-CAN-30136, ZDI-CAN-30159, ZDI-CAN-30160, ZDI-CAN-30161, ZDI-CAN-30163, ZDI-CAN-30164, ZDI-CAN-30165, ZDI-CAN-30168 * Tue Jun 2 2026 Peter Hutterer -…
Timeline
- 2026-06-02 — Fedora releases updates for Xwayland and X server: Critical updates for Xwayland 24.1.12 and xserver 21.1.23 were released to address multiple vulnerabilities.
- 2026-06-02 — Multiple vulnerabilities disclosed by ZDI: ZDI disclosed vulnerabilities ZDI-CAN-30136 to ZDI-CAN-30168 affecting Fedora 44 components.
- 2026-06-03 — Fedora 44 update notification issued: Fedora issued notifications for the critical updates, urging users to upgrade their systems.
Related entities
- Fedora (Company)
- Xorg-x11-server-xwayland (Platform)
- Xwayland (Platform)