SB2019080625 - Red Hat update for Xorg
Published: August 6, 2019
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-14598)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to an error when handling malicious input. A remote unauthenticated attacker can cause a remote server to return a specially crafted reply that crashes the target X client.
2) Off-by-one error (CVE-ID: CVE-2018-14599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one memory write error in the XGetFontPath(), XListExtensions(), and XListFonts() functions. A remote unauthenticated attacker can cause a remote X server to return a specially crafted response to trigger memory corruption and execute arbitrary code on the target X client.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Out-of-bounds write (CVE-ID: CVE-2018-14600)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an out-of-bounds write when handling malicious input. A remote unauthenticated attacker can trick the victim into opening specially crafted data, trigger memory corruption and execute arbitrary code on the target X client.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Input validation error (CVE-ID: CVE-2018-15853)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to endless recursion in xkbcomp/expr.c caused by insufficient validation of user-supplied input. A local attacker can supply a specially crafted keymap file, trigger boolean negation and cause the application to crash.
5) Null pointer dereference (CVE-ID: CVE-2018-15854)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked NULL pointer usage condition when the XkbFile is mishandled. A local attacker can supply a specially crafted keymap file, trigger a NULL pointer dereference and cause the application to crash.
6) Null pointer dereference (CVE-ID: CVE-2018-15855)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked NULL pointer usage condition when the XkbFile is mishandled. A local attacker can supply a specially crafted keymap file, trigger a NULL pointer dereference and cause the application to crash.
7) Infinite loop (CVE-ID: CVE-2018-15856)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop condition caused by insufficient validation of user-supplied input. A local attacker can supply a specially crafted keymap file, trigger an infinite loop and cause the application to crash.
8) Improper input validation (CVE-ID: CVE-2018-15857)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an invalid-free error in the ExprAppendMultiKeysymList function, as defined in the xkbcomp/ast-build.c source code file. A local attacker can supply a specially crafted keymap file and cause the application to crash.
9) Null pointer dereference (CVE-ID: CVE-2018-15859)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer usage condition in the ExprResolveLhs function, as defined in the xkbcomp/expr.c source code file. A local attacker can supply a specially crafted keymap file, trigger a NULL pointer dereference and cause the application to crash.
10) Null pointer dereference (CVE-ID: CVE-2018-15861)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer usage condition in the ExprResolveLhs function, as defined in the xkbcomp/expr.c source code file. A local attacker can supply a specially crafted keymap file, trigger an xkb_intern_atom failure and cause the application to crash.
11) Null pointer dereference (CVE-ID: CVE-2018-15862)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer usage condition in the LookupModMask function, as defined in the xkbcomp/expr.c source code file. A local attacker can supply a specially crafted keymap file with invalid virtual modifiers, trigger a NULL pointer dereference and cause the application to crash.
12) Null pointer dereference (CVE-ID: CVE-2018-15863)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer usage condition in the ResolveStateAndPredicate function, as defined in the xkbcomp/compat.c source code file. A local attacker can supply a specially crafted keymap file with a no-op modmask expression, trigger a NULL pointer dereference and cause the application to crash.
13) Null pointer dereference (CVE-ID: CVE-2018-15864)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer usage condition in the resolve_keysym function, as defined in the xkbcomp/parser.y source code file. A local attacker can supply a specially crafted keymap file with a no-op modmask expression, trigger a NULL pointer dereference and cause the application to crash.
Remediation
Install the update from the vendor's website.