{"id":"MGASA-2018-0369","summary":"Updated libxkbcommon packages fix security vulnerabilities","details":"Updated libxkbcommon packages fix security vulnerabilities:\n\nEndless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon\nbefore 0.8.1, which could be used by local attackers to crash xkbcommon\nusers by supplying a crafted keymap file that triggers boolean negation\n(CVE-2018-15853).\n\nUnchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by\nlocal attackers to crash (NULL pointer dereference) the xkbcommon parser\nby supplying a crafted keymap file, because geometry tokens were\ndesupported incorrectly (CVE-2018-15854).\n\nUnchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by\nlocal attackers to crash (NULL pointer dereference) the xkbcommon parser\nby supplying a crafted keymap file, because the XkbFile for an xkb_geometry\nsection was mishandled (CVE-2018-15855).\n\nAn infinite loop when reaching EOL unexpectedly in compose/parser.c (aka\nthe keymap parser) in xkbcommon before 0.8.1 could be used by local\nattackers to cause a denial of service during parsing of crafted keymap\nfiles (CVE-2018-15856).\n\nAn invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in\nxkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon\nkeymap parsers or possibly have unspecified other impact by supplying a\ncrafted keymap file (CVE-2018-15857).\n\nUnchecked NULL pointer usage when handling invalid aliases in\nCopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1\ncould be used by local attackers to crash (NULL pointer dereference) the\nxkbcommon parser by supplying a crafted keymap file (CVE-2018-15858).\n\nUnchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs\nin xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local\nattackers to crash (NULL pointer dereference) the xkbcommon parser by\nsupplying a crafted keymap file, because lookup failures are mishandled\n(CVE-2018-15859).\n\nUnchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in\nxkbcommon before 0.8.2 could be used by local attackers to crash (NULL\npointer dereference) the xkbcommon parser by supplying a crafted keymap\nfile that triggers an xkb_intern_atom failure (CVE-2018-15861).\n\nUnchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in\nxkbcommon before 0.8.2 could be used by local attackers to crash (NULL\npointer dereference) the xkbcommon parser by supplying a crafted keymap\nfile with invalid virtual modifiers (CVE-2018-15862).\n\nUnchecked NULL pointer usage in ResolveStateAndPredicate in\nxkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers\nto crash (NULL pointer dereference) the xkbcommon parser by supplying a\ncrafted keymap file with a no-op modmask expression (CVE-2018-15863).\n\nUnchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in\nxkbcommon before 0.8.2 could be used by local attackers to crash (NULL\npointer dereference) the xkbcommon parser by supplying a crafted keymap\nfile, because a map access attempt can occur for a map that was never\ncreated (CVE-2018-15864).\n","modified":"2026-02-04T02:41:12.529920Z","published":"2018-09-07T10:15:03Z","related":["CVE-2018-15853","CVE-2018-15854","CVE-2018-15855","CVE-2018-15856","CVE-2018-15857","CVE-2018-15858","CVE-2018-15859","CVE-2018-15861","CVE-2018-15862","CVE-2018-15863","CVE-2018-15864"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0369.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23506"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/"}],"affected":[{"package":{"name":"libxkbcommon","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libxkbcommon?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.2-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0369.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}