7.5 - RHSA-2019:2079

Problem Description:

An update for Xorg is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)

* libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)

* libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)

* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)

* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)

* libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)

* libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)

* libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)

* libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)

* libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)

* libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)

* libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)

* libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1529419 - RHEL-7.5-Alpha Message log show " fatal IO error 11 (Resource temporarily unavailable) on X server ":9"" 1623009 - CVE-2018-15853 libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash 1623012 - CVE-2018-15854 libxkbcommon: NULL pointer dereference resulting in a crash 1623013 - CVE-2018-15855 libxkbcommon: NULL pointer dereference when handling xkb_geometry 1623018 - CVE-2018-15856 libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash 1623022 - CVE-2018-15857 libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash 1623026 - CVE-2018-15859 libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash 1623028 - CVE-2018-15861 libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash 1623029 - CVE-2018-15862 libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash 1623030 - CVE-2018-15863 libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash 1623033 - CVE-2018-15864 libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash 1623238 - CVE-2018-14598 libX11: Crash on invalid reply in XListExtensions in ListExt.c 1623242 - CVE-2018-14600 libX11: Out of Bounds write in XListExtensions in ListExt.c 1623250 - CVE-2018-14599 libX11: Off-by-one error in XListExtensions in ListExt.c 1624847 - [RHEL 7.6 Bug] Can not install with graphic mode or boot into graphic mode 1632807 - User session is terminated after User Switch 1635747 - Switching users in GNOME session is starting new X servers for the user, and a user logout is making it unusable. 1642197 - Cintiq 27QHD triggers error messages on proximity in 1648116 - radeon caicos family GPU locks up in ring 0 after update to 7.6 1650166 - Xorg crash after RHEL7.6 update 1650634 - FBDEV(1): FBIOPUTCMAP and xorg fails to load 1665433 - [Hyper-V][RHEL 7.6]Startx will have segment fault with hyper-V environment 1674474 - Xorg crashes with SIGABRT with radeon driver 1680120 - Killing inactive user causes active session to fail 1724300 - visual lag and screen update delays with libX11