Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2018:3802-1
HistoryNov 17, 2018 - 12:15 a.m.

Security update for libxkbcommon (low)

2018-11-1700:15:49
lists.opensuse.org
341

0.0004 Low

EPSS

Percentile

12.5%

JSON

This update for libxkbcommon to version 0.8.2 fixes the following issues:

  • Fix a few NULL-dereferences, out-of-bounds access and undefined behavior
    in the XKB text format parser.
  • CVE-2018-15853: Endless recursion could have been used by local
    attackers to crash xkbcommon users by supplying a crafted keymap file
    that triggers boolean negation (bsc#1105832).
  • CVE-2018-15854: Unchecked NULL pointer usage could have been used by
    local attackers to crash (NULL pointer dereference) the xkbcommon parser
    by supplying a crafted keymap file, because geometry tokens were
    desupported incorrectly (bsc#1105832).
  • CVE-2018-15855: Unchecked NULL pointer usage could have been used by
    local attackers to crash (NULL pointer dereference) the xkbcommon parser
    by supplying a crafted keymap file, because the XkbFile for an
    xkb_geometry section was mishandled (bsc#1105832).
  • CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be
    used by local attackers to cause a denial of service during parsing of
    crafted keymap files (bsc#1105832).
  • CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have
    been used by local attackers to crash xkbcommon keymap parsers or
    possibly have unspecified other impact by supplying a crafted keymap
    file (bsc#1105832).
  • CVE-2018-15858: Unchecked NULL pointer usage when handling invalid
    aliases in CopyKeyAliasesToKeymap could have been used by local
    attackers to crash (NULL pointer dereference) the xkbcommon parser by
    supplying a crafted keymap file (bsc#1105832).
  • CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms
    in ExprResolveLhs could have been used by local attackers to crash (NULL
    pointer dereference) the xkbcommon parser by supplying a crafted keymap
    file, because lookup failures are mishandled (bsc#1105832).
  • CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could
    have been used by local attackers to crash (NULL pointer dereference)
    the xkbcommon parser by supplying a crafted keymap file that triggers an
    xkb_intern_atom failure (bsc#1105832).
  • CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have
    been used by local attackers to crash (NULL pointer dereference) the
    xkbcommon parser by supplying a crafted keymap file with invalid virtual
    modifiers (bsc#1105832).
  • CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate
    could have been used by local attackers to crash (NULL pointer
    dereference) the xkbcommon parser by supplying a crafted keymap file
    with a no-op modmask expression (bsc#1105832).
  • CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could
    have been used by local attackers to crash (NULL pointer dereference)
    the xkbcommon parser by supplying a crafted keymap file, because a map
    access attempt can
    occur for a map that was never created (bsc#1105832).

This update was imported from the SUSE:SLE-15:Update update project.

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0x86_64libxkbcommon-x11-devel-32bit< 0.8.2-lp150.2.3.1libxkbcommon-x11-devel-32bit-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0x86_64libxkbcommon-x11-0-debuginfo< 0.8.2-lp150.2.3.1libxkbcommon-x11-0-debuginfo-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0x86_64libxkbcommon-x11-0-32bit< 0.8.2-lp150.2.3.1libxkbcommon-x11-0-32bit-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0x86_64libxkbcommon-x11-0-32bit-debuginfo< 0.8.2-lp150.2.3.1libxkbcommon-x11-0-32bit-debuginfo-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0i586libxkbcommon-devel< 0.8.2-lp150.2.3.1libxkbcommon-devel-0.8.2-lp150.2.3.1.i586.rpm
openSUSE Leap15.0x86_64libxkbcommon0< 0.8.2-lp150.2.3.1libxkbcommon0-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0x86_64libxkbcommon0-debuginfo< 0.8.2-lp150.2.3.1libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0x86_64libxkbcommon-devel-32bit< 0.8.2-lp150.2.3.1libxkbcommon-devel-32bit-0.8.2-lp150.2.3.1.x86_64.rpm
openSUSE Leap15.0i586libxkbcommon0-debuginfo< 0.8.2-lp150.2.3.1libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1.i586.rpm
openSUSE Leap15.0i586libxkbcommon0< 0.8.2-lp150.2.3.1libxkbcommon0-0.8.2-lp150.2.3.1.i586.rpm
Rows per page:
1-10 of 201

Related

nessus 26
mageia 1
openvas 15
cloudfoundry 1
gentoo 1
ubuntu 2
centos 1
redhat 1
amazon 1
oraclelinux 1
prion 11
osv 11
veracode 10
rosalinux 1
ubuntucve 11
redhatcve 11
fedora 2
cve 11
debiancve 11
nessus
nessus
SUSE SLES12 Security Update : libxkbcommon (SUSE-SU-2024:0037-1)
2024-01-06 00:00:00
openSUSE Security Update : libxkbcommon (openSUSE-2019-913)
2019-03-27 00:00:00
SUSE SLED15 / SLES15 Security Update : libxkbcommon (SUSE-SU-2018:3685-1)
2019-01-02 00:00:00
mageia
mageia
Updated libxkbcommon packages fix security vulnerabilities
2018-09-07 13:15:03
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:3685-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3786-2)
2018-11-07 00:00:00
openSUSE: Security Advisory for libxkbcommon (openSUSE-SU-2018:3802-1)
2018-11-17 00:00:00
cloudfoundry
cloudfoundry
USN-3786-1: libxkbcommon vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
gentoo
gentoo
xkbcommon: Multiple vulnerabilities
2018-10-30 00:00:00
ubuntu
ubuntu
libxkbcommon vulnerabilities
2018-11-06 00:00:00
libxkbcommon vulnerabilities
2018-10-08 00:00:00
centos
centos
gdm, libX11, libxkbcommon, xorg security update
2019-08-30 02:52:02
redhat
redhat
(RHSA-2019:2079) Moderate: Xorg security and bug fix update
2019-08-06 07:58:40
amazon
amazon
Medium: xorg-x11-server
2020-06-03 18:21:00
oraclelinux
oraclelinux
Xorg security and bug fix update
2019-08-13 00:00:00
prion
prion
Null pointer dereference
2018-08-25 21:29:00
Design/Logic Flaw
2018-08-25 21:29:00
Code injection
2018-08-25 21:29:00
osv
osv
CVE-2018-15858
2018-08-25 21:29:02
CVE-2018-15854
2018-08-25 21:29:01
CVE-2018-15853
2018-08-25 21:29:01
veracode
veracode
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
Denial Of Service (DoS)
2019-08-08 00:07:45
rosalinux
rosalinux
Advisory ROSA-SA-2021-1904
2021-07-02 17:23:23
ubuntucve
ubuntucve
CVE-2018-15857
2018-08-25 00:00:00
CVE-2018-15858
2018-08-25 00:00:00
CVE-2018-15855
2018-08-25 00:00:00
redhatcve
redhatcve
CVE-2018-15858
2018-08-28 12:23:53
CVE-2018-15857
2018-08-28 12:20:23
CVE-2018-15864
2018-08-28 12:21:39
fedora
fedora
[SECURITY] Fedora 28 Update: libxkbcommon-0.8.2-1.fc28
2018-08-30 04:58:45
[SECURITY] Fedora 27 Update: libxkbcommon-0.8.2-1.fc27
2018-09-29 23:57:09
cve
cve
CVE-2018-15853
2018-08-25 21:29:00
CVE-2018-15856
2018-08-25 21:29:00
CVE-2018-15858
2018-08-25 21:29:00
debiancve
debiancve
CVE-2018-15857
2018-08-25 21:29:00
CVE-2018-15858
2018-08-25 21:29:00
CVE-2018-15856
2018-08-25 21:29:00

0.0004 Low

EPSS

Percentile

12.5%

JSON
Related for OPENSUSE-SU-2018:3802-1
nessus26mageia1openvas15cloudfoundry1gentoo1ubuntu2centos1redhat1amazon1oraclelinux1prion11osv11veracode10rosalinux1ubuntucve11redhatcve11fedora2cve11debiancve11