SB2018073020 - Denial of service in libxkbcommon
Published: July 30, 2018 Updated: November 16, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2018-15853)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to endless recursion exists in xkbcomp/expr.c during insufficient validation of user-supplied input. A local attacker can supply a specially crafted keymap file, trigger boolean negation and cause the application to crash.
2) Improper input validation (CVE-ID: CVE-2018-15857)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an invalid-free error in the ExprAppendMultiKeysymList function, as defined in the xkbcomp/ast-build.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input and cause the application to crash.
3) Null pointer dereference (CVE-ID: CVE-2018-15854)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked NULL pointer usage condition when the XkbFile is mishandled. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger NULL pointer dereference and cause the application to crash.
4) Null pointer dereference (CVE-ID: CVE-2018-15855)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to unchecked NULL pointer usage condition when the XkbFile is mishandled. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger NULL pointer dereference and cause the application to crash.
5) Infinite loop (CVE-ID: CVE-2018-15856)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop condition during insufficient validation of user-supplied input. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger infinite loop and cause the application to crash.
6) Null pointer dereference (CVE-ID: CVE-2018-15864)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the resolve_keysym function, as defined in the xkbcomp/parser.y source code file. A local attacker can submit a specially crafted keymap file that submits malicious input to an affected system with a no-op modmaskexpression, trigger NULL pointer dereference and cause the application to crash.
7) Null pointer dereference (CVE-ID: CVE-2018-15863)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the ResolveStateAndPredicate function, as defined in the xkbcomp/compat.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input to an affected system with a no-op modmaskexpression, trigger NULL pointer dereference and cause the application to crash.
8) Null pointer dereference (CVE-ID: CVE-2018-15862)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the LookupModMask function, as defined in the xkbcomp/expr.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input to an affected system with invalid virtual modifiers, trigger NULL pointer dereference and cause the application to crash.
9) Null pointer dereference (CVE-ID: CVE-2018-15861)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the ExprResolveLhs function, as defined in the xkbcomp/expr.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger an xkb_intern_atom failure and cause the application to crash.
10) Null pointer dereference (CVE-ID: CVE-2018-15858)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the CopyKeyAliasesToKeymap function, as defined in the xkbcomp/keycodes.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger NULL pointer dereference and cause the application to crash.
11) Null pointer dereference (CVE-ID: CVE-2018-15859)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer usage condition by the ExprResolveLhs function, as defined in the xkbcomp/expr.c source code file. A local attacker can submit a specially crafted keymap file that submits malicious input, trigger NULL pointer dereference and cause the application to crash.
Remediation
Install update from vendor's website.
References
- https://github.com/xkbcommon/libxkbcommon/commit/1f9d1248c07cda8aaff762429c0dce146de8632a
- https://github.com/xkbcommon/libxkbcommon/commit/c1e5ac16e77a21f87bdf3bc4dea61b037a17dddb
- https://github.com/xkbcommon/libxkbcommon/commit/e3cacae7b1bfda0d839c280494f23284a1187adf
- https://github.com/xkbcommon/libxkbcommon/commit/917636b1d0d70205a13f89062b95e3a0fc31d4ff
- https://github.com/xkbcommon/libxkbcommon/commit/842e4351c2c97de6051cab6ce36b4a81e709a0e1
- https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2
- https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d
- https://github.com/xkbcommon/libxkbcommon/commit/4e2ee9c3f6050d773f8bbe05bc0edb17f1ff8371
- https://github.com/xkbcommon/libxkbcommon/commit/38e1766bc6e20108948aec8a0b222a4bad0254e9
- https://github.com/xkbcommon/libxkbcommon/commit/badb428e63387140720f22486b3acbd3d738859f
- https://github.com/xkbcommon/libxkbcommon/commit/bb4909d2d8fa6b08155e449986a478101e2b2634