Vulnerabilities > CVE-2018-15858 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
local
low complexity
xkbcommon
canonical
CWE-476
nessus

Summary

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1418.NASL
    descriptionThis update for libxkbcommon to version 0.8.2 fixes the following issues : - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). - CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). - CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). - CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). - CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). - CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). - CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-11-19
    plugin id119023
    published2018-11-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119023
    titleopenSUSE Security Update : libxkbcommon (openSUSE-2018-1418)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1418.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119023);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-15853", "CVE-2018-15854", "CVE-2018-15855", "CVE-2018-15856", "CVE-2018-15857", "CVE-2018-15858", "CVE-2018-15859", "CVE-2018-15861", "CVE-2018-15862", "CVE-2018-15863", "CVE-2018-15864");
    
      script_name(english:"openSUSE Security Update : libxkbcommon (openSUSE-2018-1418)");
      script_summary(english:"Check for the openSUSE-2018-1418 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxkbcommon to version 0.8.2 fixes the following
    issues :
    
      - Fix a few NULL-dereferences, out-of-bounds access and
        undefined behavior in the XKB text format parser.
    
      - CVE-2018-15853: Endless recursion could have been used
        by local attackers to crash xkbcommon users by supplying
        a crafted keymap file that triggers boolean negation
        (bsc#1105832).
    
      - CVE-2018-15854: Unchecked NULL pointer usage could have
        been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because geometry tokens were desupported
        incorrectly (bsc#1105832).
    
      - CVE-2018-15855: Unchecked NULL pointer usage could have
        been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because the XkbFile for an xkb_geometry
        section was mishandled (bsc#1105832).
    
      - CVE-2018-15856: An infinite loop when reaching EOL
        unexpectedly could be used by local attackers to cause a
        denial of service during parsing of crafted keymap files
        (bsc#1105832).
    
      - CVE-2018-15857: An invalid free in
        ExprAppendMultiKeysymList could have been used by local
        attackers to crash xkbcommon keymap parsers or possibly
        have unspecified other impact by supplying a crafted
        keymap file (bsc#1105832).
    
      - CVE-2018-15858: Unchecked NULL pointer usage when
        handling invalid aliases in CopyKeyAliasesToKeymap could
        have been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file (bsc#1105832).
    
      - CVE-2018-15859: Unchecked NULL pointer usage when
        parsing invalid atoms in ExprResolveLhs could have been
        used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because lookup failures are mishandled
        (bsc#1105832).
    
      - CVE-2018-15861: Unchecked NULL pointer usage in
        ExprResolveLhs could have been used by local attackers
        to crash (NULL pointer dereference) the xkbcommon parser
        by supplying a crafted keymap file that triggers an
        xkb_intern_atom failure (bsc#1105832).
    
      - CVE-2018-15862: Unchecked NULL pointer usage in
        LookupModMask could have been used by local attackers to
        crash (NULL pointer dereference) the xkbcommon parser by
        supplying a crafted keymap file with invalid virtual
        modifiers (bsc#1105832).
    
      - CVE-2018-15863: Unchecked NULL pointer usage in
        ResolveStateAndPredicate could have been used by local
        attackers to crash (NULL pointer dereference) the
        xkbcommon parser by supplying a crafted keymap file with
        a no-op modmask expression (bsc#1105832).
    
      - CVE-2018-15864: Unchecked NULL pointer usage in
        resolve_keysym could have been used by local attackers
        to crash (NULL pointer dereference) the xkbcommon parser
        by supplying a crafted keymap file, because a map access
        attempt can occur for a map that was never created
        (bsc#1105832).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105832"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxkbcommon packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-debugsource-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-devel-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-0-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-0-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-devel-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon0-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-devel-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-0-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-0-32bit-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-devel-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon0-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon0-32bit-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxkbcommon-debugsource / libxkbcommon-devel / libxkbcommon-x11-0 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-913.NASL
    descriptionThis update for libxkbcommon to version 0.8.2 fixes the following issues : - Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. - CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). - CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). - CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). - CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). - CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). - CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). - CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). - CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). - CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). - CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123373
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123373
    titleopenSUSE Security Update : libxkbcommon (openSUSE-2019-913)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-913.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123373);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id("CVE-2018-15853", "CVE-2018-15854", "CVE-2018-15855", "CVE-2018-15856", "CVE-2018-15857", "CVE-2018-15858", "CVE-2018-15859", "CVE-2018-15861", "CVE-2018-15862", "CVE-2018-15863", "CVE-2018-15864");
    
      script_name(english:"openSUSE Security Update : libxkbcommon (openSUSE-2019-913)");
      script_summary(english:"Check for the openSUSE-2019-913 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libxkbcommon to version 0.8.2 fixes the following
    issues :
    
      - Fix a few NULL-dereferences, out-of-bounds access and
        undefined behavior in the XKB text format parser.
    
      - CVE-2018-15853: Endless recursion could have been used
        by local attackers to crash xkbcommon users by supplying
        a crafted keymap file that triggers boolean negation
        (bsc#1105832).
    
      - CVE-2018-15854: Unchecked NULL pointer usage could have
        been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because geometry tokens were desupported
        incorrectly (bsc#1105832).
    
      - CVE-2018-15855: Unchecked NULL pointer usage could have
        been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because the XkbFile for an xkb_geometry
        section was mishandled (bsc#1105832).
    
      - CVE-2018-15856: An infinite loop when reaching EOL
        unexpectedly could be used by local attackers to cause a
        denial of service during parsing of crafted keymap files
        (bsc#1105832).
    
      - CVE-2018-15857: An invalid free in
        ExprAppendMultiKeysymList could have been used by local
        attackers to crash xkbcommon keymap parsers or possibly
        have unspecified other impact by supplying a crafted
        keymap file (bsc#1105832).
    
      - CVE-2018-15858: Unchecked NULL pointer usage when
        handling invalid aliases in CopyKeyAliasesToKeymap could
        have been used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file (bsc#1105832).
    
      - CVE-2018-15859: Unchecked NULL pointer usage when
        parsing invalid atoms in ExprResolveLhs could have been
        used by local attackers to crash (NULL pointer
        dereference) the xkbcommon parser by supplying a crafted
        keymap file, because lookup failures are mishandled
        (bsc#1105832).
    
      - CVE-2018-15861: Unchecked NULL pointer usage in
        ExprResolveLhs could have been used by local attackers
        to crash (NULL pointer dereference) the xkbcommon parser
        by supplying a crafted keymap file that triggers an
        xkb_intern_atom failure (bsc#1105832).
    
      - CVE-2018-15862: Unchecked NULL pointer usage in
        LookupModMask could have been used by local attackers to
        crash (NULL pointer dereference) the xkbcommon parser by
        supplying a crafted keymap file with invalid virtual
        modifiers (bsc#1105832).
    
      - CVE-2018-15863: Unchecked NULL pointer usage in
        ResolveStateAndPredicate could have been used by local
        attackers to crash (NULL pointer dereference) the
        xkbcommon parser by supplying a crafted keymap file with
        a no-op modmask expression (bsc#1105832).
    
      - CVE-2018-15864: Unchecked NULL pointer usage in
        resolve_keysym could have been used by local attackers
        to crash (NULL pointer dereference) the xkbcommon parser
        by supplying a crafted keymap file, because a map access
        attempt can occur for a map that was never created
        (bsc#1105832).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105832"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libxkbcommon packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon-x11-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxkbcommon0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-debugsource-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-devel-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-0-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-0-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon-x11-devel-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon0-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libxkbcommon0-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-devel-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-0-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-0-32bit-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon-x11-devel-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon0-32bit-0.8.2-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libxkbcommon0-32bit-debuginfo-0.8.2-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxkbcommon-debugsource / libxkbcommon-devel / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1518.NASL
    descriptionAccording to the version of the libxkbcommon package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.(CVE-2018-15858) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136221
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136221
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libxkbcommon (EulerOS-SA-2020-1518)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136221);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-15858"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : libxkbcommon (EulerOS-SA-2020-1518)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libxkbcommon package installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerability :
    
      - Unchecked NULL pointer usage when handling invalid
        aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c
        in xkbcommon before 0.8.1 could be used by local
        attackers to crash (NULL pointer dereference) the
        xkbcommon parser by supplying a crafted keymap
        file.(CVE-2018-15858)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1518
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3c33b91");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libxkbcommon package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxkbcommon");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["libxkbcommon-0.7.1-1.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxkbcommon");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3786-1.NASL
    descriptionIt was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117996
    published2018-10-09
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117996
    titleUbuntu 14.04 LTS / 16.04 LTS : libxkbcommon vulnerabilities (USN-3786-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201810-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201810-05 (xkbcommon: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxkbcommon. Please review the CVE identifiers referenced below for details. Impact : A local attacker could supply a specially crafted keymap file possibly resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id118505
    published2018-10-31
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118505
    titleGLSA-201810-05 : xkbcommon: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3685-1.NASL
    descriptionThis update for libxkbcommon to version 0.8.2 fixes the following issues : Fix a few NULL-dereferences, out-of-bounds access and undefined behavior in the XKB text format parser. CVE-2018-15853: Endless recursion could have been used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation (bsc#1105832). CVE-2018-15854: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly (bsc#1105832). CVE-2018-15855: Unchecked NULL pointer usage could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled (bsc#1105832). CVE-2018-15856: An infinite loop when reaching EOL unexpectedly could be used by local attackers to cause a denial of service during parsing of crafted keymap files (bsc#1105832). CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList could have been used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file (bsc#1105832). CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file (bsc#1105832). CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled (bsc#1105832). CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure (bsc#1105832). CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers (bsc#1105832). CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression (bsc#1105832). CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym could have been used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created (bsc#1105832). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120161
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120161
    titleSUSE SLED15 / SLES15 Security Update : libxkbcommon (SUSE-SU-2018:3685-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2696.NASL
    descriptionAccording to the version of the libxkbcommon packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.(CVE-2018-15858) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-23
    plugin id132363
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132363
    titleEulerOS 2.0 SP5 : libxkbcommon (EulerOS-SA-2019-2696)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3786-2.NASL
    descriptionUSN-3786-1 fixed several vulnerabilities in libxkbcommon. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details : It was discovered that libxkbcommon incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018- 15856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118794
    published2018-11-07
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118794
    titleUbuntu 18.04 LTS : libxkbcommon vulnerabilities (USN-3786-2)