Canonical Ubuntu Linux vulnerabilities

CVE-2018-19409 [CRITICAL] CVE-2018-19409: An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctl An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used.

CVE-2018-19407 [MEDIUM] CWE-476 CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.

CVE-2018-16395 [CRITICAL] CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x befor An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument conta

CVE-2018-16396 [HIGH] CVE-2018-16396: An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x befo An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

CVE-2018-18955 [HIGH] CWE-863 CVE-2018-18955: In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allo In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading

CVE-2018-5407 [MEDIUM] CWE-200 CVE-2018-5407: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerab Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

CVE-2018-18954 [MEDIUM] CWE-125 CVE-2018-18954: The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or re The pnv_lpc_do_eccb function in hw/ppc/pnv_lpc.c in Qemu before 3.1 allows out-of-bounds write or read access to PowerNV memory.

CVE-2018-17466 [HIGH] CWE-125 CVE-2018-17466: Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-16850 [CRITICAL] CWE-89 CVE-2018-16850: postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges.

CVE-2018-19210 [MEDIUM] CWE-476 CVE-2018-19210: In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_d In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset.

CVE-2018-19149 [MEDIUM] CWE-476 CVE-2018-19149: Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from pop Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.

CVE-2018-19107 [MEDIUM] CWE-125 CVE-2018-19107: In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image read In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file.

CVE-2018-19108 [MEDIUM] CWE-835 CVE-2018-19108: In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file.

CVE-2018-16844 [HIGH] CWE-400 CVE-2018-16844: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVE-2018-16843 [HIGH] CWE-400 CVE-2018-16843: nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file.

CVE-2018-19060 [MEDIUM] CWE-476 CVE-2018-19060: An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, w An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.

CVE-2018-16845 [MEDIUM] CWE-400 CVE-2018-16845: nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might all nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_modul

CVE-2018-19059 [MEDIUM] CWE-125 CVE-2018-19059: An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSp An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.

CVE-2018-19058 [MEDIUM] CWE-670 CVE-2018-19058: An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to deni An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.

CVE-2018-9516 [HIGH] CWE-787 CVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.