libxkbcommon 0.8.2, covering CVE-2018-15853 through CVE-2018-15864. This release fixes a number of memory-handling issues in xkbcommon. Together with the keymap FD handling in various Wayland compositors (keymaps could be mapped read-write, so clients could replace the content), libxkbcommon's memory issues could serve as an attack vector to gain access to another client. Updating to 0.8.2 is a lot easier and safer than backporting all patches, given the number of other fixes not (yet?) assigned a CVE.
sudo dnf upgrade --advisory=FEDORA-2018-11ed8d95e2
This update has been submitted for testing by whot.
This update has been pushed to testing.
fyi: CVE-2018-15860 was not assigned to libxkbcommon.
no regressions noted
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes
Works
works for me in a VM
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.