Updated libxkbcommon packages fix security vulnerabilities
Publication date: 07 Sep 2018Modification date: 07 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-15853 , CVE-2018-15854 , CVE-2018-15855 , CVE-2018-15856 , CVE-2018-15857 , CVE-2018-15858 , CVE-2018-15859 , CVE-2018-15861 , CVE-2018-15862 , CVE-2018-15863 , CVE-2018-15864
Description
Updated libxkbcommon packages fix security vulnerabilities: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (CVE-2018-15853). Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (CVE-2018-15854). Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (CVE-2018-15855). An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files (CVE-2018-15856). An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (CVE-2018-15857). Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (CVE-2018-15858). Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (CVE-2018-15859). Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (CVE-2018-15861). Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (CVE-2018-15862). Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (CVE-2018-15863). Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (CVE-2018-15864).
References
- https://bugs.mageia.org/show_bug.cgi?id=23506
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15855
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
SRPMS
6/core
- libxkbcommon-0.8.2-1.mga6