Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

SUSE: 2018:3685-1 Moderate: libxkbcommon Local Security Prevention

suse
Calendar Grey November 8, 2018
Dist Suse Esm H88
Debian Security Patch addresses various vulnerabilities in libseccomp, enhancing protection against internal risks. Keep updated
An update that fixes 11 vulnerabilities is now available

Summary

This update for libxkbcommon to version 0.8.2 fixes the following issues: - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an

References

#1105832

Cross- CVE-2018-15853 CVE-2018-15854 CVE-2018-15855

CVE-2018-15856 CVE-2018-15857 CVE-2018-15858

CVE-2018-15859 CVE-2018-15861 CVE-2018-15862

CVE-2018-15863 CVE-2018-15864

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-15853.html

https://www.suse.com/security/cve/CVE-2018-15854.html

https://www.suse.com/security/cve/CVE-2018-15855.html

https://www.suse.com/security/cve/CVE-2018-15856.html

https://www.suse.com/security/cve/CVE-2018-15857.html

https://www.suse.com/security/cve/CVE-2018-15858.html

https://www.suse.com/security/cve/CVE-2018-15859.html

https://www.suse.com/security/cve/CVE-2018-15861.html

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3685-1
Rating: low

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.