CVE-2018-15863 – libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash
https://notcve.org/view.php?id=CVE-2018-15863
Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. El uso de un puntero NULL no verificado en ResolveStateAndPredicate en xkbcomp/compat.c en xkbcommon, en versiones anteriores a la 0.8.2, podría ser aprovechado por atacantes locales para provocar el cierre inesperado (desreferencia de puntero NULL) del analizador xkbcommon proporcionando un archivo keymap manipulado con una expresión modmask no-op. • https://access.redhat.com/errata/RHSA-2019:2079 https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html https://security.gentoo.org/glsa/201810-05 https://usn.ubuntu.com/3786-1 https://usn.ubuntu.com/3786-2 https://access.redhat.com/security/cve/CVE-2018-15863 https://bugzilla.redhat.com/show_bug.cgi?id=1623030 • CWE-476: NULL Pointer Dereference •
CVE-2018-10902 – Linux Kernel MIDI Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10902
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. Se ha detectado que el controlador del kernel midi raw no protege contra el acceso concurrente, lo que conduce a un doble realloc (doble liberación) en snd_rawmidi_input_params() y snd_rawmidi_output_status(), que son parte del manipulador snd_rawmidi_ioctl() en el archivo rawmidi.c. Un atacante local malicioso podría utilizarlo para escalar privilegios. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Linux Kernel. • http://www.securityfocus.com/bid/105119 http://www.securitytracker.com/id/1041529 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0415 https://access.redhat.com/errata/RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:3217 https://access.redhat.com/errata/RHSA-2019:3967 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902 https://git.kernel.org/pub/scm/linux/k • CWE-415: Double Free CWE-416: Use After Free •
CVE-2018-14600 – libX11: Out of Bounds write in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14600
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. Se ha descubierto un problema en libX11 hasta su versión 1.6.5. La función XListExtensions en ListExt.c interpreta una variable como firmada en lugar de no firmada, lo que resulta en una escritura fuera de límites (de hasta 128 bytes), lo que conduce a una denegación de servicio (DoS) o a la ejecución remota de código. An out of bounds write, limited to NULL bytes, was discovered in libX11 in functions XListExtensions() and XGetFontPath(). • http://www.openwall.com/lists/oss-security/2018/08/21/6 http://www.securityfocus.com/bid/105177 http://www.securitytracker.com/id/1041543 https://access.redhat.com/errata/RHSA-2019:2079 https://bugzilla.suse.com/show_bug.cgi?id=1102068 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html https://lists.x.org/archives/xorg-announce/2018-August/002916.html https://security. • CWE-787: Out-of-bounds Write •
CVE-2018-14598 – libX11: Crash on invalid reply in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14598
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault). Se ha descubierto un problema en XListExtensions en ListExt.c en libX11 hasta la versión 1.6.5. Un servidor malicioso puede enviar una respuesta en la cual la primera cadena se desborda, provocando que una variable se establezca como NULL y se libere posteriormente, lo que conduce a una denegación de servicio (fallo de segmentación). It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions() and XGetFontPath() functions to produce an invalid list of elements that in turn make XFreeExtensionsList() and XFreeFontPath() access invalid memory. • http://www.openwall.com/lists/oss-security/2018/08/21/6 http://www.securityfocus.com/bid/105177 http://www.securitytracker.com/id/1041543 https://access.redhat.com/errata/RHSA-2019:2079 https://bugzilla.suse.com/show_bug.cgi?id=1102073 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2 https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-20: Improper Input Validation •
CVE-2018-14599 – libX11: Off-by-one error in XListExtensions in ListExt.c
https://notcve.org/view.php?id=CVE-2018-14599
An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. Se ha descubierto un problema en libX11 hasta su versión 1.6.5. La función XListExtensions en ListExt.c es vulnerable a un error por un paso provocado por respuestas maliciosas del servidor, lo que conduce a una denegación de servicio (DoS) o a otro tipo de impacto sin especificar. An off-by-one error has been discovered in libX11 in functions XGetFontPath(), XListExtensions(), and XListFonts(). • http://www.openwall.com/lists/oss-security/2018/08/21/6 http://www.securityfocus.com/bid/105177 http://www.securitytracker.com/id/1041543 https://access.redhat.com/errata/RHSA-2019:2079 https://bugzilla.suse.com/show_bug.cgi?id=1102062 https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0 https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •