Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

SUSE Linux 12 SP5: 2024:0037-1 low: libxkbcommon memory issues

# Security update for libxkbcommon

Announcement ID: SUSE-SU-2024:0037-1
Rating: low
References:

  * bsc#1105832

Cross-References:

  * CVE-2018-15853
  * CVE-2018-15854
  * CVE-2018-15855
  * CVE-2018-15856
  * CVE-2018-15857
  * CVE-2018-15858
  * CVE-2018-15859
  * CVE-2018-15861
  * CVE-2018-15862
  * CVE-2018-15863
  * CVE-2018-15864

CVSS scores:

  * CVE-2018-15853 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15853 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15854 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15854 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15855 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15855 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15856 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15856 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15857 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15857 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2018-15858 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15858 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15859 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15859 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15861 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15861 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15862 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15862 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15863 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15863 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2018-15864 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  * CVE-2018-15864 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

  * SUSE Linux Enterprise High Performance Computing 12 SP5
  * SUSE Linux Enterprise Server 12 SP5
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
  * SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves 11 vulnerabilities can now be installed.

## Description:

This update for libxkbcommon fixes the following issues:

Fixed multiple memory handling and correctness issues (bsc#1105832):

  * CVE-2018-15859
  * CVE-2018-15856
  * CVE-2018-15858
  * CVE-2018-15864
  * CVE-2018-15863
  * CVE-2018-15862
  * CVE-2018-15861
  * CVE-2018-15855
  * CVE-2018-15854
  * CVE-2018-15857
  * CVE-2018-15853

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Software Development Kit 12 SP5
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-37=1
  * SUSE Linux Enterprise High Performance Computing 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-37=1
  * SUSE Linux Enterprise Server 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-37=1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-37=1

## Package List:

  * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libxkbcommon-x11-devel-0.6.1-9.3.1
    * libxkbcommon-devel-0.6.1-9.3.1
    * libxkbcommon-debugsource-0.6.1-9.3.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
    * libxkbcommon0-0.6.1-9.3.1
    * libxkbcommon-x11-0-0.6.1-9.3.1
    * libxkbcommon0-debuginfo-0.6.1-9.3.1
    * libxkbcommon-debugsource-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-0.6.1-9.3.1
  * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
    * libxkbcommon0-32bit-0.6.1-9.3.1
    * libxkbcommon0-debuginfo-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-32bit-0.6.1-9.3.1
  * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
    * libxkbcommon0-0.6.1-9.3.1
    * libxkbcommon-x11-0-0.6.1-9.3.1
    * libxkbcommon0-debuginfo-0.6.1-9.3.1
    * libxkbcommon-debugsource-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-0.6.1-9.3.1
  * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
    * libxkbcommon0-debuginfo-32bit-0.6.1-9.3.1
    * libxkbcommon0-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-32bit-0.6.1-9.3.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
    * libxkbcommon0-0.6.1-9.3.1
    * libxkbcommon-x11-0-0.6.1-9.3.1
    * libxkbcommon0-debuginfo-0.6.1-9.3.1
    * libxkbcommon-debugsource-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-0.6.1-9.3.1
  * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
    * libxkbcommon0-32bit-0.6.1-9.3.1
    * libxkbcommon0-debuginfo-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-32bit-0.6.1-9.3.1
    * libxkbcommon-x11-0-debuginfo-32bit-0.6.1-9.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2018-15853.html
  * https://www.suse.com/security/cve/CVE-2018-15854.html
  * https://www.suse.com/security/cve/CVE-2018-15855.html
  * https://www.suse.com/security/cve/CVE-2018-15856.html
  * https://www.suse.com/security/cve/CVE-2018-15857.html
  * https://www.suse.com/security/cve/CVE-2018-15858.html
  * https://www.suse.com/security/cve/CVE-2018-15859.html
  * https://www.suse.com/security/cve/CVE-2018-15861.html
  * https://www.suse.com/security/cve/CVE-2018-15862.html
  * https://www.suse.com/security/cve/CVE-2018-15863.html
  * https://www.suse.com/security/cve/CVE-2018-15864.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1105832

Essential security patch for libxkbcommon rolled out for SUSE Linux, enhancing memory handling and addressing vulnerabilities.

Severity: Low. LinuxSecurity.com Team

Jan 05, 2024 Low SuSE

SciLinux: SLSA-2019-2079-1 Moderate: Xorg Update For SL7.x

Synopsis: Moderate: Xorg security and bug fix update
Advisory ID: SLSA-2019:2079-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-15856 CVE-2018-15854 CVE-2018-14600 CVE-2018-15859 CVE-2018-14599 CVE-2018-15864 CVE-2018-15862 CVE-2018-15863 CVE-2018-15857 CVE-2018-15861 CVE-2018-14598 CVE-2018-15855 CVE-2018-15853
--

Security Fix(es):

* libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)
* libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)
* libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)
* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)
* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)
* libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)
* libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)
* libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)
* libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)
* libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)
* libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)
* libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)
* libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)
--

SL7
  x86_64
    mesa-libGLw-devel-8.0.0-5.el7.x86_64.rpm
    mesa-libGLw-devel-8.0.0-5.el7.i686.rpm
    mesa-libGLw-8.0.0-5.el7.i686.rpm
    mesa-libGLw-8.0.0-5.el7.x86_64.rpm
    libxkbcommon-x11-0.7.1-3.el7.x86_64.rpm
    libX11-devel-1.6.7-2.el7.i686.rpm
    libxkbcommon-x11-0.7.1-3.el7.i686.rpm
    gdm-3.28.2-16.el7.i686.rpm
    libxkbcommon-devel-0.7.1-3.el7.i686.rpm
    xorg-x11-drv-wacom-0.36.1-3.el7.x86_64.rpm
    xorg-x11-server-Xorg-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-0.7.1-3.el7.i686.rpm
    libX11-1.6.7-2.el7.x86_64.rpm
    xorg-x11-server-common-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-devel-0.7.1-3.el7.x86_64.rpm
    libX11-1.6.7-2.el7.i686.rpm
    libX11-common-1.6.7-2.el7.noarch.rpm
    xorg-x11-drv-ati-19.0.1-2.el7.x86_64.rpm
    xorg-x11-server-Xephyr-1.20.4-7.el7.x86_64.rpm
    libxkbcommon-0.7.1-3.el7.x86_64.rpm
    xorg-x11-drv-vesa-2.4.0-3.el7.x86_64.rpm
    gdm-3.28.2-16.el7.x86_64.rpm
    libX11-devel-1.6.7-2.el7.x86_64.rpm
    gdm-pam-extensions-devel-3.28.2-16.el7.x86_64.rpm
    xorg-x11-drv-wacom-devel-0.36.1-3.el7.x86_64.rpm
    gdm-pam-extensions-devel-3.28.2-16.el7.i686.rpm
    xorg-x11-server-devel-1.20.4-7.el7.i686.rpm
    xorg-x11-server-Xvfb-1.20.4-7.el7.x86_64.rpm
    gdm-devel-3.28.2-16.el7.i686.rpm
    xorg-x11-server-Xdmx-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-Xwayland-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-Xnest-1.20.4-7.el7.x86_64.rpm
    xorg-x11-server-devel-1.20.4-7.el7.x86_64.rpm
    xorg-x11-drv-wacom-devel-0.36.1-3.el7.i686.rpm
    xorg-x11-server-source-1.20.4-7.el7.noarch.rpm
    gdm-devel-3.28.2-16.el7.x86_64.rpm
    libxkbcommon-x11-devel-0.7.1-3.el7.i686.rpm
    libxkbcommon-x11-devel-0.7.1-3.el7.x86_64.rpm
    gdm-debuginfo-3.28.2-16.el7.i686.rpm
    gdm-debuginfo-3.28.2-16.el7.x86_64.rpm
    libX11-debuginfo-1.6.7-2.el7.i686.rpm
    libX11-debuginfo-1.6.7-2.el7.x86_64.rpm
    libxkbcommon-debuginfo-0.7.1-3.el7.i686.rpm
    libxkbcommon-debuginfo-0.7.1-3.el7.x86_64.rpm
    xorg-x11-drv-ati-debuginfo-19.0.1-2.el7.x86_64.rpm
    xorg-x11-drv-vesa-debuginfo-2.4.0-3.el7.x86_64.rpm
    xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7.x86_64.rpm
    xorg-x11-server-debuginfo-1.20.4-7.el7.x86_64.rpm
    xorg-x11-drv-wacom-debuginfo-0.36.1-3.el7.i686.rpm
    xorg-x11-server-debuginfo-1.20.4-7.el7.i686.rpm
    mesa-libGLw-debuginfo-8.0.0-5.el7.i686.rpm
    mesa-libGLw-debuginfo-8.0.0-5.el7.x86_64.rpm
  noarch
    libX11-common-1.6.7-2.el7.noarch.rpm
    xorg-x11-server-source-1.20.4-7.el7.noarch.rpm

- Scientific Linux Development Team

Critical security patch released for SL7.x focusing on Xorg, resolving significant stability issues and vulnerabilities found in libX11 and libxkbcommon components.

LinuxSecurity.com Team

Aug 26, 2019 Scientific Linux

openSUSE Leap 15.0: Advisory ID 2018:3802-1 Low Severity Crash Risk

openSUSE Security Update: Security update for libxkbcommon
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3802-1
Rating:             low
References:         #1105832
Cross-References:   CVE-2018-15853 CVE-2018-15854 CVE-2018-15855
                    CVE-2018-15856 CVE-2018-15857 CVE-2018-15858
                    CVE-2018-15859 CVE-2018-15861 CVE-2018-15862
                    CVE-2018-15863 CVE-2018-15864
Affected Products:
                    openSUSE Leap 15.0
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for libxkbcommon to version 0.8.2 fixes the following issues:

- Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser.
- CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832).
- CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832).
- CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832).
- CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832).
- CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832).
- CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832).
- CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832).
- CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832).
- CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832).
- CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832).
- CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2018-1418=1

Package List:

- openSUSE Leap 15.0 (i586 x86_64):

  libxkbcommon-debugsource-0.8.2-lp150.2.3.1
  libxkbcommon-devel-0.8.2-lp150.2.3.1
  libxkbcommon-x11-0-0.8.2-lp150.2.3.1
  libxkbcommon-x11-0-debuginfo-0.8.2-lp150.2.3.1
  libxkbcommon-x11-devel-0.8.2-lp150.2.3.1
  libxkbcommon0-0.8.2-lp150.2.3.1
  libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1

- openSUSE Leap 15.0 (x86_64):

  libxkbcommon-devel-32bit-0.8.2-lp150.2.3.1
  libxkbcommon-x11-0-32bit-0.8.2-lp150.2.3.1
  libxkbcommon-x11-0-32bit-debuginfo-0.8.2-lp150.2.3.1
  libxkbcommon-x11-devel-32bit-0.8.2-lp150.2.3.1
  libxkbcommon0-32bit-0.8.2-lp150.2.3.1
  libxkbcommon0-32bit-debuginfo-0.8.2-lp150.2.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-15853.html
  https://www.suse.com/security/cve/CVE-2018-15854.html
  https://www.suse.com/security/cve/CVE-2018-15855.html
  https://www.suse.com/security/cve/CVE-2018-15856.html
  https://www.suse.com/security/cve/CVE-2018-15857.html
  https://www.suse.com/security/cve/CVE-2018-15858.html
  https://www.suse.com/security/cve/CVE-2018-15859.html
  https://www.suse.com/security/cve/CVE-2018-15861.html
  https://www.suse.com/security/cve/CVE-2018-15862.html
  https://www.suse.com/security/cve/CVE-2018-15863.html
  https://www.suse.com/security/cve/CVE-2018-15864.html
  https://bugzilla.suse.com/1105832

A recent patch for libxkbcommon addresses several security vulnerabilities that impact openSUSE Leap 15.0, categorizing them with low severity ratings.

Severity: Low. LinuxSecurity.com Team

Nov 17, 2018 Low OpenSUSE

SUSE: 2018:3685-1 Moderate: libxkbcommon Local Security Prevention

SUSE Security Update: Security update for libxkbcommon
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3685-1
Rating:             low
References:         #1105832
Cross-References:   CVE-2018-15853 CVE-2018-15854 CVE-2018-15855
                    CVE-2018-15856 CVE-2018-15857 CVE-2018-15858
                    CVE-2018-15859 CVE-2018-15861 CVE-2018-15862
                    CVE-2018-15863 CVE-2018-15864
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for libxkbcommon to version 0.8.2 fixes the following issues:

- Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser.
- CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832).
- CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832).
- CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832).
- CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832).
- CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832).
- CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832).
- CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832).
- CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832).
- CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832).
- CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832).
- CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Basesystem 15:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2620=1

Package List:

- SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):

  libxkbcommon-debugsource-0.8.2-3.3.1
  libxkbcommon-devel-0.8.2-3.3.1
  libxkbcommon-x11-0-0.8.2-3.3.1
  libxkbcommon-x11-0-debuginfo-0.8.2-3.3.1
  libxkbcommon-x11-devel-0.8.2-3.3.1
  libxkbcommon0-0.8.2-3.3.1
  libxkbcommon0-debuginfo-0.8.2-3.3.1

References:

  https://www.suse.com/security/cve/CVE-2018-15853.html
  https://www.suse.com/security/cve/CVE-2018-15854.html
  https://www.suse.com/security/cve/CVE-2018-15855.html
  https://www.suse.com/security/cve/CVE-2018-15856.html
  https://www.suse.com/security/cve/CVE-2018-15857.html
  https://www.suse.com/security/cve/CVE-2018-15858.html
  https://www.suse.com/security/cve/CVE-2018-15859.html
  https://www.suse.com/security/cve/CVE-2018-15861.html
  https://www.suse.com/security/cve/CVE-2018-15862.html
  https://www.suse.com/security/cve/CVE-2018-15863.html
  https://www.suse.com/security/cve/CVE-2018-15864.html
  https://bugzilla.suse.com/1105832

Debian Security Patch addresses various vulnerabilities in libseccomp, enhancing protection against internal risks. Keep updated.

Severity: Low. LinuxSecurity.com Team

Nov 08, 2018 Low SuSE

Ubuntu 18.04 LTS USN-3786-2 Critical: libxkbcommon Denial Of Service

=========================================================================
Ubuntu Security Notice USN-3786-2
November 06, 2018

libxkbcommon vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libxkbcommon.

Software Description:
- libxkbcommon: library interface to the XKB compiler - development files

Details:

USN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS:
  libxkbcommon-x11-0 0.8.0-1ubuntu0.1
  libxkbcommon0 0.8.0-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3786-2
  https://ubuntu.com/security/notices/USN-3786-1
  CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Package Information:
  https://launchpad.net/ubuntu/+source/libxkbcommon/0.8.0-1ubuntu0.1

Announcement regarding urgent patches for libxkbcommon on Ubuntu 18.04 LTS, rectifying multiple vulnerabilities.

Severity: Critical. LinuxSecurity.com Team

Nov 06, 2018 Critical Ubuntu

Ubuntu 16.04 LTS USN-3786-1 Moderate: libxkbcommon Denial of Service

=========================================================================
Ubuntu Security Notice USN-3786-1
October 08, 2018

libxkbcommon vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libxkbcommon.

Software Description:
- libxkbcommon: library interface to the XKB compiler - development files

Details:

It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libxkbcommon-x11-0 0.5.0-1ubuntu2.1
  libxkbcommon0 0.5.0-1ubuntu2.1

Ubuntu 14.04 LTS:
  libxkbcommon-x11-0 0.4.1-0ubuntu1.1
  libxkbcommon0 0.4.1-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3786-1
  CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Package Information:
  https://launchpad.net/ubuntu/+source/libxkbcommon/0.5.0-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/libxkbcommon/0.4.1-0ubuntu1.1

Ubuntu Security Notice USN-3790-1 tackles several libgcrypt vulnerabilities. Upgrade promptly to mitigate potential exploitation threats.

LinuxSecurity.com Team

Oct 08, 2018 Ubuntu

Fedora 27 libxkbcommon Update: Moderate Memory Issues Fixed

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-11ed8d95e2
2018-09-29 23:56:16.096133
--------------------------------------------------------------------------------

Name        : libxkbcommon
Product     : Fedora 27
Version     : 0.8.2
Release     : 1.fc27
URL         : https://www.x.org/wiki/
Summary     : X.Org X11 XKB parsing library
Description :
libxkbcommon is the X.Org library for compiling XKB maps into formats usable by the X Server or other display servers.

--------------------------------------------------------------------------------
Update Information:

libxkbcommon 0.8.2, CVE-2018-15853 through to 15864. These fix a number of memory handling issues with xkbcommon. Together with the keymap FD handling in various Wayland compositors (keymaps could be mapped rw and clients could thus replace the content) libxkbcommon's memory issues could serve as attack vector to gain access to another client. The update to 0.8.2 is a lot easier and safer than backporting all patches, given the number of other fixes not (yet?) assigned a CVE.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 6 2018 Peter Hutterer 0.8.2-1
- libxkbcommon 0.8.2
* Tue Jul 31 2018 Florian Weimer - 0.8.0-6
- Rebuild with fixed binutils
* Mon Jul 30 2018 Peter Hutterer 0.8.0-5
- Fix invalid pointer passed to FreeStmt()
* Fri Jul 13 2018 Fedora Release Engineering - 0.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering - 0.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 3 2018 Igor Gnatenko - 0.8.0-2
- Switch to %ldconfig_scriptlets
* Tue Dec 19 2017 Peter Hutterer 0.8.0-1
- libxkbcommon 0.8.0
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-11ed8d95e2' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------

This patch resolves various memory vulnerabilities in libxkbcommon, bolstering protection against possible threats in Fedora.

LinuxSecurity.com Team

Sep 29, 2018 Fedora

Mageia 6 Security Advisory: 2018-0369 Critical Denial Of Service

MGASA-2018-0369 - Updated libxkbcommon packages fix security vulnerabilities

Publication date: 07 Sep 2018
URL: https://advisories.mageia.org/MGASA-2018-0369.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Updated libxkbcommon packages fix security vulnerabilities:

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (CVE-2018-15853).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (CVE-2018-15854).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (CVE-2018-15855).

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files (CVE-2018-15856).

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (CVE-2018-15857).

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (CVE-2018-15858).

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (CVE-2018-15859).

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (CVE-2018-15861).

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (CVE-2018-15862).

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (CVE-2018-15863).

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (CVE-2018-15864).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23506
- https://lists.fedoraproject.org/archives/list/[e-mail address obscured]/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/
- https://www.cve.org/CVERecord?id=CVE-2018-15853
- https://www.cve.org/CVERecord?id=CVE-2018-15854
- https://www.cve.org/CVERecord?id=CVE-2018-15855
- https://www.cve.org/CVERecord?id=CVE-2018-15856
- https://www.cve.org/CVERecord?id=CVE-2018-15857
- https://www.cve.org/CVERecord?id=CVE-2018-15858
- https://www.cve.org/CVERecord?id=CVE-2018-15859
- https://www.cve.org/CVERecord?id=CVE-2018-15861
- https://www.cve.org/CVERecord?id=CVE-2018-15862
- https://www.cve.org/CVERecord?id=CVE-2018-15863
- https://www.cve.org/CVERecord?id=CVE-2018-15864

SRPMS:
- 6/core/libxkbcommon-0.8.2-1.mga6

Severity: Critical
LinuxSecurity.com Team

Sep 07, 2018 Critical Mageia