Canonical Ubuntu Linux vulnerabilities

CVE-2017-17789 [HIGH] CWE-787 CVE-2017-17789: In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-p In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.

CVE-2017-17788 [MEDIUM] CWE-125 CVE-2017-17788: In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when the In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.

CVE-2017-17682 [MEDIUM] CWE-400 CVE-2017-17682: In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted wpg image file that triggers a ReadWPGImage call.

CVE-2017-17681 [MEDIUM] CWE-835 CVE-2017-17681: In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannel In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file.

CVE-2017-17680 [MEDIUM] CWE-772 CVE-2017-17680: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in c In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted xpm image file.

CVE-2017-17669 [MEDIUM] CWE-125 CVE-2017-17669: There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of png There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack.

CVE-2017-17499 [CRITICAL] CWE-416 CVE-2017-17499: ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in M ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.

CVE-2017-1000407 [HIGH] CWE-754 CVE-2017-1000407: The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic po The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.

CVE-2017-17504 [MEDIUM] CWE-125 CVE-2017-17504: ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-re ImageMagick before 7.0.7-12 has a coders/png.c Magick_png_read_raw_profile heap-based buffer over-read via a crafted file, related to ReadOneMNGImage.

CVE-2017-17480 [CRITICAL] CWE-787 CVE-2017-17480: In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/ In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

CVE-2017-13168 [HIGH] CWE-732 CVE-2017-13168: An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Andro An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.

CVE-2017-15868 [HIGH] CWE-20 CVE-2017-15868: The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does n The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.

CVE-2016-1252 [MEDIUM] CWE-295 CVE-2016-1252: The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14 The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when valid

CVE-2017-16612 [HIGH] CWE-190 CVE-2017-16612: libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

CVE-2017-17087 [MEDIUM] CVE-2017-17087: fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary gr fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.

CVE-2017-16611 [MEDIUM] CWE-59 CVE-2017-16611: In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

CVE-2017-14746 [CRITICAL] CWE-416 CVE-2017-14746: Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

CVE-2017-14176 [HIGH] CVE-2017-14176: Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary comm Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

CVE-2017-15275 [HIGH] CWE-119 CVE-2017-15275: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failur Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

CVE-2017-16544 [HIGH] CWE-94 CVE-2017-16544: In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete featur In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.