Canonical Ubuntu Linux vulnerabilities

4,102 known vulnerabilities affecting canonical/ubuntu_linux.

Total CVEs: 4,102
CISA KEV (actively exploited): 44
Public exploits: 271
Exploited in wild: 54
Severity breakdown: CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216

Vulnerabilities

Page 74 of 206
CVE-2018-9363 | HIGH | CVSS 8.4 | v12.04, v14.04, +2 more | 2018-11-06
CVE-2018-9363 [HIGH] CWE-190: In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853588. References: Upstream kernel.
nvd
CVE-2018-9415 | HIGH | CVSS 7.8 | v16.04, v18.04 | 2018-11-06
CVE-2018-9415 [HIGH] CWE-415: In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-69129004. References: Upstream kernel.
nvd
CVE-2018-16847 | HIGH | CVSS 7.8 | v14.04, v16.04, +2 more | 2018-11-02
CVE-2018-16847 [HIGH] CWE-787: An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process.
nvd
CVE-2018-18897 | MEDIUM | CVSS 6.5 | v16.04, v18.04, +2 more | 2018-11-02
CVE-2018-18897 [MEDIUM] CWE-772: An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo.
nvd
CVE-2018-16842 | CRITICAL | CVSS 9.1 | v12.04, v14.04, +3 more | 2018-10-31
CVE-2018-16842 [CRITICAL] CWE-125: Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
nvd
CVE-2018-16839 | CRITICAL | CVSS 9.8 | v14.04, v16.04, +2 more | 2018-10-31
CVE-2018-16839 [CRITICAL] CWE-122: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
nvd
CVE-2018-16840 | CRITICAL | CVSS 9.8 | v14.04, v16.04, +2 more | 2018-10-31
CVE-2018-16840 [CRITICAL] CWE-416: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that
nvd
CVE-2016-6328 | HIGH | CVSS 8.1 | v12.04, v14.04, +3 more | 2018-10-31
CVE-2016-6328 [HIGH] CWE-190: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
nvd
CVE-2018-18873 | MEDIUM | CVSS 5.5 | v14.04, v16.04 | 2018-10-31
CVE-2018-18873 [MEDIUM] CWE-476: An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
nvd
CVE-2018-18281 | HIGH | CVSS 7.8 | v12.04, v14.04, +3 more | 2018-10-30
CVE-2018-18281 [HIGH] CWE-459: Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allo
nvd
CVE-2018-0734 | MEDIUM | CVSS 5.9 | v14.04, v16.04, +2 more | 2018-10-30
CVE-2018-0734 [MEDIUM] CWE-327: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
nvd
CVE-2018-18751 | CRITICAL | CVSS 9.8 | v12.04, v14.04, +3 more | 2018-10-29
CVE-2018-18751 [CRITICAL] CWE-415: An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
nvd
CVE-2018-0735 | MEDIUM | CVSS 5.9 | v14.04, v16.04, +2 more | 2018-10-29
CVE-2018-0735 [MEDIUM] CWE-327: The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
nvd
CVE-2018-18710 | MEDIUM | CVSS 5.5 | v12.04, v14.04, +3 more | 2018-10-29
CVE-2018-18710 [MEDIUM]: An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.
nvd
CVE-2018-18653 | HIGH | CVSS 7.8 | v18.10 | 2018-10-26
CVE-2018-18653 [HIGH] CWE-347: The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the
nvd
CVE-2018-15688 | HIGH | CVSS 8.8 | v16.04, v18.04, +1 more | 2018-10-26
CVE-2018-15688 [HIGH] CWE-120: A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
nvd
CVE-2018-15686 | HIGH | CVSS 7.8 | PoC | v16.04, v18.04, +1 more | 2018-10-26
CVE-2018-15686 [HIGH] CWE-502: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
nvd
CVE-2018-15687 | HIGH | CVSS 7.0 | PoC | v16.04, v18.04, +1 more | 2018-10-26
CVE-2018-15687 [HIGH] CWE-362: A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
nvd
CVE-2018-18661 | MEDIUM | CVSS 6.5 | v14.04, v16.04, +2 more | 2018-10-26
CVE-2018-18661 [MEDIUM] CWE-476: An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
nvd
CVE-2018-18690 | MEDIUM | CVSS 5.5 | v12.04, v14.04, +2 more | 2018-10-26
CVE-2018-18690 [MEDIUM] CWE-754: In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an
nvd