| Summary: | libxkbcommon new security issues CVE-2018-1585[3-9] and CVE-2018-1586[0-4] | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | andrewsfarm, geiger.david68210, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK | | |
| Source RPM: | libxkbcommon-0.7.1-1.mga6.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2018-08-31 19:15:52 CEST
Already fixed for Cauldron and now also fixed for mga6.

CC: (none) => geiger.david68210

Thanks David!

Advisory:
========================

Updated libxkbcommon packages fix security vulnerabilities:

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (CVE-2018-15853).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (CVE-2018-15854).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (CVE-2018-15855).

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files (CVE-2018-15856).

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (CVE-2018-15857).

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (CVE-2018-15858).

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (CVE-2018-15859).

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (CVE-2018-15861).

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (CVE-2018-15862).

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (CVE-2018-15863).

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (CVE-2018-15864).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/
========================

Updated packages in core/updates_testing:
========================
libxkbcommon0-0.8.2-1.mga6
libxkbcommon-devel-0.8.2-1.mga6
libxkbcommon-doc-0.8.2-1.mga6

from libxkbcommon-0.8.2-1.mga6.src.rpm

Assignee: bugsquad => qa-bugs

Mageia 6, x86_64
No reproducers available.
calibre and mpv are among the packages said to require lib64xkbcommon0.
$ strace -o trace mpv TitanOrbitsAnnotated.m4v
$ grep xkbcommon trace
open("/lib64/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libxkbcommon.so.0.0.0", O_RDONLY) = 3
No ebook devices here but Calibre works perfectly well with 'generic' for PDFs.
$ strace -o trace calibre
.....
$ grep xkb trace
[...]
open("/lib64/libxcb-xkb.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libxkbcommon-x11.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = 3
stat("/usr/share/X11/xkb", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/X11/xkb", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/usr/share/X11/xkb", R_OK|X_OK) = 0
[...]
Updated the three packages. Note libxkbcommon-doc; not lib64.
Ran mpv and calibre - both working fine.
OK for 64-bits.

CC: (none) => tarazed25
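
The QA check above greps an strace log for xkbcommon. The script below is an added example, not part of the bug report: it extracts the libxkbcommon objects a program actually opened (ignoring failed probes) and compares the owning RPM's version with 0.8.2, the fixed version named in the advisory. The function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): audit an strace log for the
# libxkbcommon objects that were really loaded and check their RPM version.
FIXED_VERSION="0.8.2"   # fixed version named in the advisory

# Read strace output on stdin; print each libxkbcommon path that was opened
# successfully, once. Handles open()/openat() and an optional PID column
# (strace -f); failed probes (= -1 ENOENT) are skipped.
xkb_libs_from_trace() {
    sed -n -E 's/^([0-9]+ +)?(open|openat)\((AT_FDCWD, )?"([^"]*libxkbcommon[^"]*)".*\) = [0-9]+$/\4/p' |
        LC_ALL=C sort -u
}

# True when version $1 is at least version $2 (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$2" ]
}

# Read strace output on stdin; report OK / VULNERABLE / UNKNOWN per library.
audit_trace() {
    xkb_libs_from_trace | while read -r lib; do
        real=$(readlink -f "$lib" 2>/dev/null || echo "$lib")
        ver=$(rpm -qf --qf '%{VERSION}\n' "$real" 2>/dev/null) || ver=""
        if [ -z "$ver" ]; then echo "UNKNOWN $lib"
        elif version_ge "$ver" "$FIXED_VERSION"; then echo "OK $lib $ver"
        else echo "VULNERABLE $lib $ver"
        fi
    done
}

# Constructed sample in the format of the QA log above (not real output).
sample_trace() {
cat <<'EOF'
open("/usr/lib64/tls/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/libxkbcommon-x11.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = 3
stat("/usr/share/X11/xkb", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
EOF
}

# With a trace file argument, audit it; otherwise list the sample's libraries.
if [ $# -gt 0 ]; then audit_trace < "$1"; else sample_trace | xkb_libs_from_trace; fi
```

Run it as `sh script.sh trace` on a file produced with `strace -o trace <program>`; an UNKNOWN result means rpm could not attribute the file to a package.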
Thomas Backlund
2018-09-02 19:35:55 CEST
CC: (none) => tmb

Sounds good to me. Validating.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0369.html

Resolution: (none) => FIXED