Canonical Ubuntu Linux vulnerabilities

CVE-2018-0202 [MEDIUM] CWE-125 CVE-2018-0202: clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remot clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated,

CVE-2018-1312 [CRITICAL] CWE-287 CVE-2018-1312: In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

CVE-2017-15715 [HIGH] CWE-20 CVE-2017-15715: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newli In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

CVE-2018-1303 [HIGH] CWE-125 CVE-2018-1303: A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2 A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used

CVE-2017-15710 [HIGH] CWE-787 CVE-2017-15710: In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configur In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate

CVE-2018-1301 [MEDIUM] CWE-119 CVE-2018-1301: A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due t A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server us

CVE-2018-1302 [MEDIUM] CWE-476 CVE-2018-1302: When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4 When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug build

CVE-2018-1283 [MEDIUM] CVE-2018-1283: In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI a In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the "HTTP_SESSION" variable name used by mod_session to forward its data to CGIs, since the prefix "HTTP_" is also used by the A

CVE-2018-1000140 [CRITICAL] CWE-787 CVE-2018-1000140: rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appear to be exploitable a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.

CVE-2018-8960 [HIGH] CWE-125 CVE-2018-8960: The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict m The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read.

CVE-2018-8905 [HIGH] CWE-787 CVE-2018-8905: In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c v In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.

CVE-2017-18241 [MEDIUM] CWE-476 CVE-2017-18241: fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (N fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.

CVE-2018-1000135 [HIGH] CWE-200 CVE-2018-1000135: GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerabil GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bu

CVE-2018-8822 [HIGH] CWE-119 CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.

CVE-2018-8881 [HIGH] CWE-125 CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in as Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

CVE-2018-8804 [HIGH] CWE-415 CVE-2018-8804: WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2018-1068 [MEDIUM] CWE-119 CVE-2018-1068: A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

CVE-2017-18234 [HIGH] CWE-416 CVE-2017-18234: An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of serv An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFi

CVE-2017-18236 [MEDIUM] CWE-835 CVE-2017-18236: An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFil An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file.

CVE-2017-18233 [MEDIUM] CWE-190 CVE-2017-18233: An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/sour An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file.