Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
Page 109 of 206
CVE-2018-6594 [HIGH] CWE-326 | CVSS 7.5 | v12.04, v14.04 +2 more | 2018-02-03
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementati
nvd
CVE-2017-14180 [HIGH] | CVSS 7.8 | v14.04, v16.04 +3 more | 2018-02-02
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
nvd
CVE-2017-14177 [HIGH] | CVSS 7.8 | v14.04, v16.04 +3 more | 2018-02-02
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
nvd
CVE-2017-14179 [HIGH] CWE-400 | CVSS 7.8 | v14.04, v16.04 +3 more | 2018-02-02
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
nvd
CVE-2018-6541 [MEDIUM] | CVSS 6.5 | v14.04, v16.04 +2 more | 2018-02-02
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
nvd
CVE-2018-6540 [MEDIUM] | CVSS 6.5 | v14.04, v16.04 +2 more | 2018-02-02
In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
nvd
CVE-2018-6484 [MEDIUM] | CVSS 6.5 | v14.04, v16.04 +2 more | 2018-02-01
In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
nvd
CVE-2018-1000001 [HIGH] CWE-787 | CVSS 7.8 | PoC | v12.04, v14.04 +2 more | 2018-01-31
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
nvd
CVE-2017-18043 [MEDIUM] CWE-190 | CVSS 5.5 | v14.04, v16.04 +1 more | 2018-01-31
Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash).
nvd
CVE-2018-6405 [MEDIUM] CWE-772 | CVSS 6.5 | v14.04, v16.04 +2 more | 2018-01-30
In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.
nvd
CVE-2017-18079 [HIGH] CWE-476 | CVSS 7.8 | v12.04, v14.04 | 2018-01-29
drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
nvd
CVE-2018-6381 [MEDIUM] CWE-119 | CVSS 6.5 | v14.04, v16.04 +2 more | 2018-01-29
In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64, 0.13.63, 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57 and 0.13.56 there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
nvd
CVE-2018-5750 [MEDIUM] CWE-200 | CVSS 5.5 | v12.04, v14.04 +2 more | 2018-01-26
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
nvd
CVE-2017-15132 [HIGH] CWE-400 | CVSS 7.5 | v12.04, v14.04 +2 more | 2018-01-25
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high-performance configurations where the same login processes are reused, and can cause the process to crash due to memory exhaustion.
nvd
CVE-2018-6197 [HIGH] CWE-476 | CVSS 7.5 | v12.04, v14.04 +2 more | 2018-01-25
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
nvd
CVE-2018-6196 [HIGH] CWE-835 | CVSS 7.5 | v12.04, v14.04 +2 more | 2018-01-25
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
nvd
CVE-2018-6198 [MEDIUM] CWE-59 | CVSS 4.7 | v12.04, v14.04 +2 more | 2018-01-25
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
nvd
CVE-2018-1000005 [CRITICAL] CWE-125 | CVSS 9.1 | v14.04, v16.04 +1 more | 2018-01-24
libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the
nvd
CVE-2018-1000007 [CRITICAL] | CVSS 9.8 | v12.04, v14.04 +2 more | 2018-01-24
libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` respo
nvd
CVE-2017-18075 [HIGH] CWE-763 | CVSS 7.8 | v14.04, v16.04 | 2018-01-24
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of s
nvd