Security update for xkbcomp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20186-1 Final 1 1 2026-01-28T15:47:14Z current 2026-01-28T15:47:14Z 2026-01-28T15:47:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xkbcomp This update for xkbcomp fixes the following issues: - CVE-2018-15863, CVE-2018-15861, CVE-2018-15859, CVE-2018-15853: Fixed multiple memory handling and correctness issues (bsc#1105832) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-208 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620186-1/ Link for SUSE-SU-2026:20186-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024030.html E-Mail link for SUSE-SU-2026:20186-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1105832 SUSE Bug 1105832 https://www.suse.com/security/cve/CVE-2018-15853/ SUSE CVE CVE-2018-15853 page https://www.suse.com/security/cve/CVE-2018-15859/ SUSE CVE CVE-2018-15859 page https://www.suse.com/security/cve/CVE-2018-15861/ SUSE CVE CVE-2018-15861 page https://www.suse.com/security/cve/CVE-2018-15863/ SUSE CVE CVE-2018-15863 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 xkbcomp-1.4.7-160000.3.1 xkbcomp-devel-1.4.7-160000.3.1 xkbcomp-1.4.7-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 xkbcomp-devel-1.4.7-160000.3.1 as a component of SUSE Linux Enterprise Server 16.0 xkbcomp-1.4.7-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 xkbcomp-devel-1.4.7-160000.3.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation. CVE-2018-15853 SUSE Linux Enterprise Server 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server 16.0:xkbcomp-devel-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-devel-1.4.7-160000.3.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620186-1/ https://www.suse.com/security/cve/CVE-2018-15853.html CVE-2018-15853 https://bugzilla.suse.com/1105832 SUSE Bug 1105832 Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled. CVE-2018-15859 SUSE Linux Enterprise Server 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server 16.0:xkbcomp-devel-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-devel-1.4.7-160000.3.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620186-1/ https://www.suse.com/security/cve/CVE-2018-15859.html CVE-2018-15859 https://bugzilla.suse.com/1105832 SUSE Bug 1105832 Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure. CVE-2018-15861 SUSE Linux Enterprise Server 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server 16.0:xkbcomp-devel-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-devel-1.4.7-160000.3.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620186-1/ https://www.suse.com/security/cve/CVE-2018-15861.html CVE-2018-15861 https://bugzilla.suse.com/1105832 SUSE Bug 1105832 Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression. CVE-2018-15863 SUSE Linux Enterprise Server 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server 16.0:xkbcomp-devel-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-1.4.7-160000.3.1 SUSE Linux Enterprise Server for SAP applications 16.0:xkbcomp-devel-1.4.7-160000.3.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620186-1/ https://www.suse.com/security/cve/CVE-2018-15863.html CVE-2018-15863 https://bugzilla.suse.com/1105832 SUSE Bug 1105832