(RHSA-2019:2079) Moderate: Xorg security and bug fix update

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

• libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)

• libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)

• libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)

• libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)

• libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)

• libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)

• libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)

• libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)

• libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)

• libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)

• libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)

• libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)

• libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.