
Test ID: 1.3.6.1.4.1.25623.1.1.4.2018.3685.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2018:3685-1)
Summary: The remote host is missing an update for the 'libxkbcommon' package(s) announced via the SUSE-SU-2018:3685-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'libxkbcommon' package(s) announced via the SUSE-SU-2018:3685-1 advisory.

Vulnerability Insight:
This update for libxkbcommon to version 0.8.2 fixes the following issues:
Fix a few NULL-dereferences, out-of-bounds access and undefined behavior
in the XKB text format parser.

CVE-2018-15853: Endless recursion could have been used by local
attackers to crash xkbcommon users by supplying a crafted keymap file
that triggers boolean negation (bsc#1105832).

CVE-2018-15854: Unchecked NULL pointer usage could have been used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because geometry tokens were
desupported incorrectly (bsc#1105832).

CVE-2018-15855: Unchecked NULL pointer usage could have been used by
local attackers to crash (NULL pointer dereference) the xkbcommon parser
by supplying a crafted keymap file, because the XkbFile for an
xkb_geometry section was mishandled (bsc#1105832).

CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be
used by local attackers to cause a denial of service during parsing of
crafted keymap files (bsc#1105832).

CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have
been used by local attackers to crash xkbcommon keymap parsers or
possibly have unspecified other impact by supplying a crafted keymap
file (bsc#1105832).

CVE-2018-15858: Unchecked NULL pointer usage when handling invalid
aliases in CopyKeyAliasesToKeymap could have been used by local
attackers to crash (NULL pointer dereference) the xkbcommon parser by
supplying a crafted keymap file (bsc#1105832).

CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms
in ExprResolveLhs could have been used by local attackers to crash (NULL
pointer dereference) the xkbcommon parser by supplying a crafted keymap
file, because lookup failures are mishandled (bsc#1105832).

CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could
have been used by local attackers to crash (NULL pointer dereference)
the xkbcommon parser by supplying a crafted keymap file that triggers an
xkb_intern_atom failure (bsc#1105832).

CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have
been used by local attackers to crash (NULL pointer dereference) the
xkbcommon parser by supplying a crafted keymap file with invalid virtual
modifiers (bsc#1105832).

CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate
could have been used by local attackers to crash (NULL pointer
dereference) the xkbcommon parser by supplying a crafted keymap file
with a no-op modmask expression (bsc#1105832).

CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could
have been used by local attackers to crash (NULL pointer dereference)
the xkbcommon parser by supplying a crafted keymap file, because a map
access attempt can occur for a map that was never created (bsc#1105832).

Affected Software/OS:
'libxkbcommon' package(s) on SUSE Linux Enterprise Module for Basesystem 15

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2018-15853
Common Vulnerability Exposure (CVE) ID: CVE-2018-15854
Common Vulnerability Exposure (CVE) ID: CVE-2018-15855
Common Vulnerability Exposure (CVE) ID: CVE-2018-15856
Common Vulnerability Exposure (CVE) ID: CVE-2018-15857
Common Vulnerability Exposure (CVE) ID: CVE-2018-15858
Common Vulnerability Exposure (CVE) ID: CVE-2018-15859
Common Vulnerability Exposure (CVE) ID: CVE-2018-15861
Common Vulnerability Exposure (CVE) ID: CVE-2018-15862
Common Vulnerability Exposure (CVE) ID: CVE-2018-15863
Common Vulnerability Exposure (CVE) ID: CVE-2018-15864
Copyright: Copyright (C) 2021 Greenbone Networks GmbH





© 1998-2021 E-Soft Inc. All rights reserved.