=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN837
_____________________________________________________________________

DATE                : 04/12/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running X.Org xkbcomp versions prior to 1.5.0.

=====================================================================
https://lists.x.org/archives/xorg-announce/2025-December/003644.html
_____________________________________________________________________

======================================================================
X.Org Security Advisory: Wed 3, 2025 

Issues in xkbcomp prior to version 1.5.0
======================================================================

Multiple issues have been found in xkbcomp that have previously
been published as CVEs in libxkbcommon. libxkbcommon is (to some degree)
a fork of xkbcomp and some of the code base is identical. These CVEs
were published earlier as:

- CVE-2018-15853: Endless recursion in xkbcomp/expr.c resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/da8367645
- CVE-2018-15859: NULL pointer dereference when parsing invalid atoms
  in ExprResolveLhs resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/895e080b2
- CVE-2018-15861: NULL pointer dereference in ExprResolveLhs resulting
  in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/c34263540
- CVE-2018-15863: NULL pointer dereference in ResolveStateAndPredicate
  resulting in a crash
  https://gitlab.freedesktop.org/xorg/app/xkbcomp/-/commit/fa10dbc2c

These four issues also affect xkbcomp. As the issues have been
effectively public for a while, there is no embargo. xkbcomp 1.5.0 is
available now and contains these fixes.

Many thanks to Pierre Le Marre for finding these issues in xkbcomp.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




