(RHSA-2019:2079) Moderate: Xorg security and bug fix update

2019-08-06T11:58:40
ID RHSA-2019:2079
Type redhat
Reporter RedHat
Modified 2019-08-06T13:45:46

Description

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

  • libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)

  • libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)

  • libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)

  • libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)

  • libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)

  • libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)

  • libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)

  • libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)

  • libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)

  • libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)

  • libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)

  • libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)

  • libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.