Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: xkbcomp Moderate NULL Pointer Crashes Vuln 2025:4426-1

suse
Calendar Grey December 17, 2025
Dist Suse Esm H88
Critical update for xkbcomp addressing four vulnerabilities and their risks in SUSE systems effective December 2025.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for xkbcomp fixes the following issues: * CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832). * CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832). * CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash (bsc#1105832). * CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

* bsc#1105832

Cross-

* CVE-2018-15853

* CVE-2018-15859

* CVE-2018-15861

* CVE-2018-15863

CVSS scores:

* CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

* CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2025:4426-1
Release Date: 2025-12-17T11:22:48Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here