Synopsis: Moderate: Xorg security and bug fix update
Advisory ID:       SLSA-2019:2079-1
Issue Date:        2019-08-06
CVE Numbers:       CVE-2018-15856
                   CVE-2018-15854
                   CVE-2018-14600
                   CVE-2018-15859
                   CVE-2018-14599
                   CVE-2018-15864
                   CVE-2018-15862
                   CVE-2018-15863
                   CVE-2018-15857
                   CVE-2018-15861
                   CVE-2018-14598
                   CVE-2018-15855
                   CVE-2018-15853
--

Security Fix(es):

* libX11: Crash on invalid reply in XListExtensions in ListExt.c
(CVE-2018-14598)

* libX11: Off-by-one error in XListExtensions in ListExt.c
(CVE-2018-14599)

* libX11: Out of Bounds write in XListExtensions in ListExt.c
(CVE-2018-14600)

* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a
crash (CVE-2018-15857)

* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash
(CVE-2018-15853)

* libxkbcommon: NULL pointer dereference resulting in a crash
(CVE-2018-15854)

* libxkbcommon: NULL pointer dereference when handling xkb_geometry
(CVE-2018-15855)

* libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in
a crash (CVE-2018-15856)

* libxkbcommon: NULL pointer dereference when parsing invalid atoms in
ExprResolveLhs resulting in a crash (CVE-2018-15859)

* libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a
crash (CVE-2018-15861)

* libxkbcommon: NULL pointer dereference in LookupModMask resulting in a
crash (CVE-2018-15862)

* libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate
resulting in a crash (CVE-2018-15863)

* libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a
crash (CVE-2018-15864)
--

SL7
  x86_64
    mesa-libGLw-devel-8.0.0-5.el7.x86_64.rpm
    mesa-libGLw-devel-8.0.0-5.el7.i686.rpm
    mesa-libGLw-8.0.0-5.el7.i686.rpm
    mesa-libGLw-8.0.0-5.el7.x86_64.rpm
    libxkbcommon-x11-0.7.1-3.el7.x86_64.rpm
    libX11-devel-1.6.7-2.el7.i686.rpm
    libxkbcommon-x11-0.7.1-3.el7.i686.rpm
    gdm-3.28.2-16.el7.i686.rpm
    libxkbcommon-devel-0.7.1-3.el7.i686.rpm
    xorg-x11-drv-wacom-0.36.1-3.el7.x86_64.rpm
    xorg-x11-server-Xorg-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-0.7.1-3.el7.i686.rpm
    libX11-1.6.7-2.el7.x86_64.rpm
    xorg-x11-server-common-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-devel-0.7.1-3.el7.x86_64.rpm
    libX11-1.6.7-2.el7.i686.rpm
    libX11-common-1.6.7-2.el7.noarch.rpm
    xorg-x11-drv-ati-19.0.1-2.el7.x86_64.rpm
    xorg-x11-server-Xephyr-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-0.7.1-3.el7.x86_64.rpm
    xorg-x11-drv-vesa-2.4.0-3.el7.x86_64.rpm
    gdm-3.28.2-16.el7.x86_64.rpm
    libX11-devel-1.6.7-2.el7.x86_64.rpm
    gdm-pam-extensions-devel-3.28.2-16.el7.x86_64.rpm
    xorg-x11-drv-wacom-devel-0.36.1-3.el7.x86_64.rpm
    gdm-pam-extensions-devel-3.28.2-16.el7.i686.rpm
    xorg-x11-server-devel-1.20.4-7.el7.i686.rpm
    xorg-x11-server-Xvfb-1.20.4-7.el7.x86_64.rpm
    gdm-devel-3.28.2-16.el7.i686.rpm
    xorg-x11-server-Xdmx-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-Xwayland-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-Xnest-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-devel-1.20.4-7.el7.x86_64.rpm
    xorg-x11-drv-wacom-devel-0.36.1-3.el7.i686.rpm
    xorg-x11-server-source-1.20.4-7.el7.noarch.rpm
    gdm-devel-3.28.2-16.el7.x86_64.rpm
    libxkbcommon-x11-devel-0.7.1-3.el7.i686.rpm
    libxkbcommon-x11-devel-0.7.1-3.el7.x86_64.rpm
    gdm-debuginfo-3.28.2-16.el7.i686.rpm
    gdm-debuginfo-3.28.2-16.el7.x86_64.rpm
    libX11-debuginfo-1.6.7-2.el7.i686.rpm
    libX11-debuginfo-1.6.7-2.el7.x86_64.rpm
    libxkbcommon-debuginfo-0.7.1-3.el7.i686.rpm
    libxkbcommon-debuginfo-0.7.1-3.el7.x86_64.rpm
    xorg-x11-drv-ati-debuginfo-19.0.1-2.el7.x86_64.rpm
    xorg-x11-drv-vesa-debuginfo-2.4.0-3.el7.x86_64.rpm
    xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7.x86_64.rpm
    xorg-x11-server-debuginfo-1.20.4-7.el7.x86_64.rpm
    xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7.i686.rpm
    xorg-x11-server-debuginfo-1.20.4-7.el7.i686.rpm
    mesa-libGLw-debuginfo-8.0.0-5.el7.i686.rpm
    mesa-libGLw-debuginfo-8.0.0-5.el7.x86_64.rpm
  noarch
    libX11-common-1.6.7-2.el7.noarch.rpm
    xorg-x11-server-source-1.20.4-7.el7.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2019-2079-1 Moderate: Xorg on SL7.x x86_64
