Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4407-1

Опубликовано: 15 дек. 2025
Источник: suse-cvrf

Описание

Security update for xkbcomp

This update for xkbcomp fixes the following issues:

  • CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832).
  • CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkb_intern_atom failure can lead to a crash (bsc#1105832).
  • CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash (bsc#1105832).
  • CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832).

Список пакетов

Image SLES12-SP5-EC2-SAP-BYOS
xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
xkbcomp-1.2.4-11.3.1
xkbcomp-devel-1.2.4-11.3.1

Ссылки

Описание

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

Затронутые продукты
Image SLES12-SP5-EC2-SAP-BYOS:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-devel-1.2.4-11.3.1
Ссылки

Описание

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

Затронутые продукты
Image SLES12-SP5-EC2-SAP-BYOS:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-devel-1.2.4-11.3.1
Ссылки

Описание

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

Затронутые продукты
Image SLES12-SP5-EC2-SAP-BYOS:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-devel-1.2.4-11.3.1
Ссылки

Описание

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

Затронутые продукты
Image SLES12-SP5-EC2-SAP-BYOS:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-1.2.4-11.3.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xkbcomp-devel-1.2.4-11.3.1
Ссылки