Moderate: Xorg security and bug fix update

Synopsis

Moderate: Xorg security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for Xorg is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

• libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)
  
• libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)
  
• libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)
  
• libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)
  
• libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)
  
• libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)
  
• libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)
  
• libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)
  
• libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)
  
• libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)
  
• libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)
  
• libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)
  
• libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux for IBM z Systems 7 s390x
• Red Hat Enterprise Linux for Power, big endian 7 ppc64
• Red Hat Enterprise Linux for Scientific Computing 7 x86_64
• Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

• BZ - 1529419 - RHEL-7.5-Alpha Message log show " fatal IO error 11 (Resource temporarily unavailable) on X server ":9""
• BZ - 1623009 - CVE-2018-15853 libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash
• BZ - 1623012 - CVE-2018-15854 libxkbcommon: NULL pointer dereference resulting in a crash
• BZ - 1623013 - CVE-2018-15855 libxkbcommon: NULL pointer dereference when handling xkb_geometry
• BZ - 1623018 - CVE-2018-15856 libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash
• BZ - 1623022 - CVE-2018-15857 libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash
• BZ - 1623026 - CVE-2018-15859 libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash
• BZ - 1623028 - CVE-2018-15861 libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash
• BZ - 1623029 - CVE-2018-15862 libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash
• BZ - 1623030 - CVE-2018-15863 libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash
• BZ - 1623033 - CVE-2018-15864 libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash
• BZ - 1623238 - CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c
• BZ - 1623242 - CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c
• BZ - 1623250 - CVE-2018-14599 libX11: Off-by-one error in XListExtensions in ListExt.c
• BZ - 1624847 - [RHEL 7.6 Bug] Can not install with graphic mode or boot into graphic mode
• BZ - 1632807 - User session is terminated after User Switch
• BZ - 1635747 - Switching users in GNOME session is starting new X servers for the user, and a user logout is making it unusable.
• BZ - 1642197 - Cintiq 27QHD triggers error messages on proximity in
• BZ - 1648116 - radeon caicos family GPU locks up in ring 0 after update to 7.6
• BZ - 1650166 - Xorg crash after RHEL7.6 update
• BZ - 1650634 - FBDEV(1): FBIOPUTCMAP and xorg fails to load
• BZ - 1665433 - [Hyper-V][RHEL 7.6]Startx will have segment fault with hyper-V environment
• BZ - 1674474 - Xorg crashes with SIGABRT with radeon driver
• BZ - 1680120 - Killing inactive user causes active session to fail
• BZ - 1724300 - visual lag and screen update delays with libX11

CVEs

• CVE-2018-14598
• CVE-2018-14599
• CVE-2018-14600
• CVE-2018-15853
• CVE-2018-15854
• CVE-2018-15855
• CVE-2018-15856
• CVE-2018-15857
• CVE-2018-15859
• CVE-2018-15861
• CVE-2018-15862
• CVE-2018-15863
• CVE-2018-15864

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index