[USN-3786-2] libxkbcommon vulnerabilities

protocol=”application/pgp-signature”; boundary=”=-4DsEHJbseuxdxZJ0vdMR”

–=-4DsEHJbseuxdxZJ0vdMR

Content-Transfer-Encoding: quoted-printable

=
=

Ubuntu Security Notice USN-3786-2
November 06, 2018

libxkbcommon vulnerabilities
=
=

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libxkbcommon.

Software Description:
– libxkbcommon: library interface to the XKB compiler – development
files

Details:

USN-3786-1 fixed several vulnerabilities in libxkbcommon. This
update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

=C2=A0It was discovered that libxkbcommon incorrectly handled certain files=
.
=C2=A0An attacker could possibly use this issue to cause a denial of
=C2=A0service. (CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-
=C2=A015856, CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861=
,
=C2=A0CVE-2018-15862, CVE-2018-15863, CVE-2018-15864)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
=C2=A0 libxkbcommon-x11-0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A00.8.0-1ubuntu0.1
=C2=A0 libxkbcommon0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A00.8.0-1ubuntu0.=
1

In general, a standard system update will make all the necessary
changes.

References:
=C2=A0 https://usn.ubuntu.com/usn/usn-3786-2
=C2=A0 https://usn.ubuntu.com/usn/usn-3786-1
=C2=A0 CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856,
=C2=A0 CVE-2018-15857, CVE-2018-15858, CVE-2018-15859, CVE-2018-15861,
=C2=A0 CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Package Information:
=C2=A0 https://launchpad.net/ubuntu/+source/libxkbcommon/0.8.0-1ubuntu0.1
–=-4DsEHJbseuxdxZJ0vdMR

Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJb4byrAAoJEEW851uECx9p/QgP/A1QabX8qDbsSpWeO5CAzbfl
p6anTSgyltlCYHKsRLOZihDBpkPJqbfhHsTxdjX5Q++wxrR7cqgxgQ/dhf+EnrqO
/CwYDbcEz+IQOvsYUckfthZq9REvxHsoR2pThXYX1BNL8LYnHEiFJC3KccFwds5h
VLrMuhZV+/Ob6cvwv3UDqedRdaDrAGmsW/bE1NexwDyoL7mMHbhatWHiY7BJQuOe
XA1/SNwgFv67z/NFdHfgfFbqjGd4ITLv5R+Lqt75167dWIFdo6pk0gZG3YOWl7BL
78QJW5aM2WPzfNe+9JLg+9OlyhpE0Fa4PQ8NnhPo7tzKjaSIUx/xaZ2ACipojnaZ
Tor0WszymMatdoE97YUei6stOwqHeB3n3aUKbDt1sPIJxr98OsOan6kasYA27g4U
DPOuEK4zTx4D+if0/UgXX+GW/lgEW7kqyG4CgVWSRvAm23pX8Fbx3Wf67vNIlnC5
n/Q4ybddUsFLjWrFZv8ckISoHqAt29uLkXSWcAIfO4ojuqG6RtB8MOSbZCyxmi/9
noX8b1wewnUY1y7ZviNhz6rTfXOstg8uNH1q3ZkbcBD9iCX0mp9qdDr4eLlx7isp
Asr8mEmtvSWZneRcrSOhXS4j4U3DwGzzmRvuFjaiiSYMxmNOsKAJNiMbxgS8ly1c
wycYflXcAnZznq4217mZ
=oOHA
—–END PGP SIGNATURE—–

–=-4DsEHJbseuxdxZJ0vdMR–

MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK