For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
X.Org is an open-source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
Security Fix(es):
* libX11: Crash on invalid reply in XListExtensions in ListExt.c
(CVE-2018-14598)
* libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)
* libX11: Out of Bounds write in XListExtensions in ListExt.c
(CVE-2018-14600)
* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a
crash (CVE-2018-15857)
* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash
(CVE-2018-15853)
* libxkbcommon: NULL pointer dereference resulting in a crash
(CVE-2018-15854)
* libxkbcommon: NULL pointer dereference when handling xkb_geometry
(CVE-2018-15855)
* libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a
crash (CVE-2018-15856)
* libxkbcommon: NULL pointer dereference when parsing invalid atoms in
ExprResolveLhs resulting in a crash (CVE-2018-15859)
* libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a
crash (CVE-2018-15861)
* libxkbcommon: NULL pointer dereference in LookupModMask resulting in a
crash (CVE-2018-15862)
* libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate
resulting in a crash (CVE-2018-15863)
* libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a
crash (CVE-2018-15864)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.7 Release Notes linked from the References section.
References:
https://access.redhat.com/security/cve/CVE-2018-14598
https://access.redhat.com/security/cve/CVE-2018-14599
https://access.redhat.com/security/cve/CVE-2018-14600
https://access.redhat.com/security/cve/CVE-2018-15853
https://access.redhat.com/security/cve/CVE-2018-15854
https://access.redhat.com/security/cve/CVE-2018-15855
https://access.redhat.com/security/cve/CVE-2018-15856
https://access.redhat.com/security/cve/CVE-2018-15857
https://access.redhat.com/security/cve/CVE-2018-15859
https://access.redhat.com/security/cve/CVE-2018-15861
https://access.redhat.com/security/cve/CVE-2018-15862
https://access.redhat.com/security/cve/CVE-2018-15863
https://access.redhat.com/security/cve/CVE-2018-15864
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
Red Hat Enterprise Linux Client (v. 7):
Source:
gdm-3.28.2-16.el7.src.rpm
libX11-1.6.7-2.el7.src.rpm
libxkbcommon-0.7.1-3.el7.src.rpm
xorg-x11-drv-ati-19.0.1-2.el7.src.rpm
xorg-x11-drv-vesa-2.4.0-3.el7.src.rpm
xorg-x11-drv-wacom-0.36.1-3.el7.src.rpm
xorg-x11-server-1.20.4-7.el7.src.rpm
noarch:
libX11-common-1.6.7-2.el7.noarch.rpm
x86_64:
gdm-3.28.2-16.el7.i686.rpm
gdm-3.28.2-16.el7.x86_64.rpm
gdm-debuginfo-3.28.2-16.el7.i686.rpm
gdm-debuginfo-3.28.2-16.el7.x86_64.rpm
libX11-1.6.7-2.el7.i686.rpm
libX11-1.6.7-2.el7.x86_64.rpm
libX11-debuginfo-1.6.7-2.el7.i686.rpm
libX11-debuginfo-1.6.7-2.el7.x86_64.rpm
libX11-devel-1.6.7-2.el7.i686.rpm
libX11-devel-1.6.7-2.el7.x86_64.rpm
libxkbcommon-0.7.1-3.el7.i686.rpm
libxkbcommon-0.7.1-3.el7.x86_64.rpm
libxkbcommon-debuginfo-0.7.1-3.el7.i686.rpm
libxkbcommon-debuginfo-0.7.1-3.el7.x86_64.rpm
libxkbcommon-x11-0.7.1-3.el7.i686.rpm
libxkbcommon-x11-0.7.1-3.el7.x86_64.rpm
xorg-x11-drv-ati-19.0.1-2.el7.x86_64.rpm
xorg-x11-drv-ati-debuginfo-19.0.1-2.el7.x86_64.rpm
xorg-x11-drv-vesa-2.4.0-3.el7.x86_64.rpm
xorg-x11-drv-vesa-debuginfo-2.4.0-3.el7.x86_64.rpm
xorg-x11-drv-wacom-0.36.1-3.el7.x86_64.rpm
xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7.x86_64.rpm
xorg-x11-server-Xephyr-1.20.4-7.el7.x86_64.rpm
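A post-update check, given here as an added example that is not part of the Red Hat advisory: it compares an rpm name/version-release listing with the fixed libX11 and libxkbcommon builds listed above and reports anything older. The comparison is a simplified form of rpm's version ordering that ignores epochs and tilde/caret markers, and the sample inventory is constructed.

```python
import re

# Fixed builds (VERSION-RELEASE) of the libraries carrying the CVE fixes,
# taken from the package list in this advisory.
FIXED = {
    "libX11": "1.6.7-2.el7",
    "libX11-common": "1.6.7-2.el7",
    "libX11-devel": "1.6.7-2.el7",
    "libxkbcommon": "0.7.1-3.el7",
    "libxkbcommon-x11": "0.7.1-3.el7",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
bash 4.2.46-33.el7
libX11 1.6.5-2.el7
libX11-common 1.6.7-2.el7
libxkbcommon 0.7.1-1.el7
libxkbcommon-x11 0.7.1-3.el7_9.1
"""

def vercmp(a, b):
    """Simplified rpm-style compare of one version or release string: -1, 0, 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)              # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare 'VERSION-RELEASE' strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def outdated(inventory):
    """Return sorted (name, installed, fixed) for packages older than the fix."""
    hits = []
    for line in inventory.splitlines():
        name, _, evr = line.strip().partition(" ")
        fixed = FIXED.get(name)
        if fixed and "-" in evr and evr_cmp(evr, fixed) < 0:
            hits.append((name, evr, fixed))
    return sorted(hits)

if __name__ == "__main__":
    for name, have, want in outdated(SAMPLE):
        print(f"{name}: installed {have}, fixed in {want}")
```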
An update for Xorg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
1529419 - RHEL-7.5-Alpha Message log show " fatal IO error 11 (Resource temporarily unavailable) on X server ":9""
1623009 - CVE-2018-15853 libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash
1623012 - CVE-2018-15854 libxkbcommon: NULL pointer dereference resulting in a crash
1623013 - CVE-2018-15855 libxkbcommon: NULL pointer dereference when handling xkb_geometry
1623018 - CVE-2018-15856 libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash
1623022 - CVE-2018-15857 libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash
1623026 - CVE-2018-15859 libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash
1623028 - CVE-2018-15861 libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash
1623029 - CVE-2018-15862 libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash
1623030 - CVE-2018-15863 libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash
1623033 - CVE-2018-15864 libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash
1623238 - CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c
1623242 - CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c
1623250 - CVE-2018-14599 libX11: Off-by-one error in XListExtensions in ListExt.c