Fedora has issued an advisory on August 30:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/

The issues are fixed upstream in 0.8.2.

Mageia 5 may also be affected.
Already fixed for Cauldron and now also fixed for mga6.
CC: (none) => geiger.david68210
Thanks David!

Advisory:
========================

Updated libxkbcommon packages fix security vulnerabilities:

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (CVE-2018-15853).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (CVE-2018-15854).

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (CVE-2018-15855).

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files (CVE-2018-15856).

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (CVE-2018-15857).

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (CVE-2018-15858).

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (CVE-2018-15859).

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (CVE-2018-15861).

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (CVE-2018-15862).

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (CVE-2018-15863).

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (CVE-2018-15864).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15854
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15855
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15864
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/377JCLG64STYRNYZZ4B5QKGX2MAW6JUX/
========================

Updated packages in core/updates_testing:
========================
libxkbcommon0-0.8.2-1.mga6
libxkbcommon-devel-0.8.2-1.mga6
libxkbcommon-doc-0.8.2-1.mga6

from libxkbcommon-0.8.2-1.mga6.src.rpm
Assignee: bugsquad => qa-bugs
Mageia 6, x86_64

No reproducers available.
calibre and mpv are among the packages said to require lib64xkbcommon0.

$ strace -o trace mpv TitanOrbitsAnnotated.m4v
$ grep xkbcommon trace
open("/lib64/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/usr/lib64/libxkbcommon.so.0.0.0", O_RDONLY) = 3

No ebook devices here but Calibre works perfectly well with 'generic' for PDFs.

$ strace -o trace calibre
.....
$ grep xkb trace
[...]
open("/lib64/libxcb-xkb.so.1", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libxkbcommon-x11.so.0", O_RDONLY|O_CLOEXEC) = 3
open("/lib64/libxkbcommon.so.0", O_RDONLY|O_CLOEXEC) = 3
stat("/usr/share/X11/xkb", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat("/usr/share/X11/xkb", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
access("/usr/share/X11/xkb", R_OK|X_OK) = 0
[...]

Updated the three packages. Note libxkbcommon-doc; not lib64.
Ran mpv and calibre - both working fine.
OK for 64-bits.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
CC: (none) => tmb
Keywords: (none) => advisory
Sounds good to me. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0369.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED