Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201810-05 ] xkbcommon: Multiple vulnerabilities
Date: Tue, 30 Oct 2018 20:57:50
Message-Id: 1d2c67f1-aaae-a7b7-e7b2-7000ae0827d4@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201810-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: xkbcommon: Multiple vulnerabilities
     Date: October 30, 2018
     Bugs: #665702
       ID: 201810-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in xkbcommon, the worst of
which may lead to a Denial of Service condition.

Background
==========

xkbcommon is a library to handle keyboard descriptions, including
loading them from disk, parsing them and handling their state.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  x11-libs/libxkbcommon        < 0.8.2                     >= 0.8.2

Description
===========

Multiple vulnerabilities have been discovered in libxkbcommon. Please
review the CVE identifiers referenced below for details.

Impact
======

A local attacker could supply a specially crafted keymap file possibly
resulting in a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libxkbcommon users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-libs/libxkbcommon-0.8.2"

References
==========

[  1 ] CVE-2018-15853
       https://nvd.nist.gov/vuln/detail/CVE-2018-15853
[  2 ] CVE-2018-15854
       https://nvd.nist.gov/vuln/detail/CVE-2018-15854
[  3 ] CVE-2018-15855
       https://nvd.nist.gov/vuln/detail/CVE-2018-15855
[  4 ] CVE-2018-15856
       https://nvd.nist.gov/vuln/detail/CVE-2018-15856
[  5 ] CVE-2018-15857
       https://nvd.nist.gov/vuln/detail/CVE-2018-15857
[  6 ] CVE-2018-15858
       https://nvd.nist.gov/vuln/detail/CVE-2018-15858
[  7 ] CVE-2018-15859
       https://nvd.nist.gov/vuln/detail/CVE-2018-15859
[  8 ] CVE-2018-15861
       https://nvd.nist.gov/vuln/detail/CVE-2018-15861
[  9 ] CVE-2018-15862
       https://nvd.nist.gov/vuln/detail/CVE-2018-15862
[ 10 ] CVE-2018-15863
       https://nvd.nist.gov/vuln/detail/CVE-2018-15863
[ 11 ] CVE-2018-15864
       https://nvd.nist.gov/vuln/detail/CVE-2018-15864

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201810-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
