Advisories ยป MGASA-2018-0369

Updated libxkbcommon packages fix security vulnerabilities

Publication date: 07 Sep 2018
Modification date: 07 Sep 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-15853 , CVE-2018-15854 , CVE-2018-15855 , CVE-2018-15856 , CVE-2018-15857 , CVE-2018-15858 , CVE-2018-15859 , CVE-2018-15861 , CVE-2018-15862 , CVE-2018-15863 , CVE-2018-15864

Description

Updated libxkbcommon packages fix security vulnerabilities:

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon
before 0.8.1, which could be used by local attackers to crash xkbcommon
users by supplying a crafted keymap file that triggers boolean negation
(CVE-2018-15853).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because geometry tokens were
desupported incorrectly (CVE-2018-15854).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because the XkbFile for an xkb_geometry
section was mishandled (CVE-2018-15855).

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka
the keymap parser) in xkbcommon before 0.8.1 could be used by local
attackers to cause a denial of service during parsing of crafted keymap
files (CVE-2018-15856).

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in
xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon
keymap parsers or possibly have unspecified other impact by supplying a
crafted keymap file (CVE-2018-15857).

Unchecked NULL pointer usage when handling invalid aliases in
CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1
could be used by local attackers to crash (NULL pointer dereference) the
xkbcommon parser by supplying a crafted keymap file (CVE-2018-15858).

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs
in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local
attackers to crash (NULL pointer dereference) the xkbcommon parser by
supplying a crafted keymap file, because lookup failures are mishandled
(CVE-2018-15859).

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted keymap
file that triggers an xkb_intern_atom failure (CVE-2018-15861).

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted keymap
file with invalid virtual modifiers (CVE-2018-15862).

Unchecked NULL pointer usage in ResolveStateAndPredicate in
xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers
to crash (NULL pointer dereference) the xkbcommon parser by supplying a
crafted keymap file with a no-op modmask expression (CVE-2018-15863).

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in
xkbcommon before 0.8.2 could be used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted keymap
file, because a map access attempt can occur for a map that was never
created (CVE-2018-15864).

References

SRPMS

6/core