Canonical Ubuntu Linux vulnerabilities

CVE-2017-12617 [HIGH] CWE-434 CVE-2017-12617: When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0. When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code

CVE-2017-14493 [CRITICAL] CWE-119 CVE-2017-14493: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of serv Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

CVE-2017-14492 [CRITICAL] CWE-119 CVE-2017-14492: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

CVE-2017-14495 [HIGH] CWE-772 CVE-2017-14495: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is speci Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

CVE-2017-14496 [HIGH] CWE-191 CVE-2017-14496: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --ad Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

CVE-2017-13704 [HIGH] CWE-20 CVE-2017-13704: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

CVE-2017-14494 [MEDIUM] CWE-200 CVE-2017-14494: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

CVE-2017-14862 [MEDIUM] CWE-119 CVE-2017-14862: An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 An Invalid memory address dereference was discovered in Exiv2::DataValue::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-14864 [MEDIUM] CWE-119 CVE-2017-14864: An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-14859 [MEDIUM] CWE-119 CVE-2017-14859: An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in An Invalid memory address dereference was discovered in Exiv2::StringValueBase::read in value.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2017-14624 [CRITICAL] CWE-476 CVE-2017-14624: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDeleg ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.

CVE-2017-14625 [CRITICAL] CWE-476 CVE-2017-14625: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_cr ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.

CVE-2017-14626 [CRITICAL] CWE-476 CVE-2017-14626: ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.

CVE-2017-14632 [CRITICAL] CWE-119 CVE-2017-14632: Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the funct Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

CVE-2017-14633 [MEDIUM] CWE-125 CVE-2017-14633: In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mappin In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().

CVE-2017-12153 [MEDIUM] CWE-476 CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and sy

CVE-2015-1329 [HIGH] CWE-416 CVE-2015-1329: Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14 Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.

CVE-2017-14607 [HIGH] CWE-125 CVE-2017-14607: In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.

CVE-2017-14532 [CRITICAL] CWE-476 CVE-2017-14532: ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.

CVE-2017-14531 [MEDIUM] CWE-770 CVE-2017-14531: ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.