Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4426-1

Опубликовано: 17 дек. 2025
Источник: suse-cvrf

Описание

Security update for xkbcomp

This update for xkbcomp fixes the following issues:

  • CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832).
  • CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an xkb_intern_atom failure can lead to a crash (bsc#1105832).
  • CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash (bsc#1105832).
  • CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832).

Список пакетов

Container suse/kiosk/xorg:latest
xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
xkbcomp-1.4.1-150000.3.6.1
xkbcomp-devel-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
xkbcomp-1.4.1-150000.3.6.1
xkbcomp-devel-1.4.1-150000.3.6.1
openSUSE Leap 15.6
xkbcomp-1.4.1-150000.3.6.1
xkbcomp-devel-1.4.1-150000.3.6.1

Ссылки

Описание

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

Затронутые продукты
Container suse/kiosk/xorg:latest:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-devel-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:xkbcomp-1.4.1-150000.3.6.1
Ссылки

Описание

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

Затронутые продукты
Container suse/kiosk/xorg:latest:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-devel-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:xkbcomp-1.4.1-150000.3.6.1
Ссылки

Описание

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

Затронутые продукты
Container suse/kiosk/xorg:latest:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-devel-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:xkbcomp-1.4.1-150000.3.6.1
Ссылки

Описание

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

Затронутые продукты
Container suse/kiosk/xorg:latest:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xkbcomp-devel-1.4.1-150000.3.6.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:xkbcomp-1.4.1-150000.3.6.1
Ссылки
Уязвимость SUSE-SU-2025:4426-1