Canonical Ubuntu Linux vulnerabilities
4,102 known vulnerabilities affecting canonical/ubuntu_linux.
Total CVEs: 4,102
CISA KEV: 44 (actively exploited)
Public exploits: 271
Exploited in wild: 54
Severity breakdown
CRITICAL 545, HIGH 1396, MEDIUM 1945, LOW 216
Vulnerabilities
Page 80 of 206
CVE-2018-1000802 | CRITICAL | CVSS 9.8 | CWE-77 | v12.04, v14.04, +2 more | 2018-09-18
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack a
nvd
CVE-2018-11780 | CRITICAL | CVSS 9.8 | CWE-94 | v12.04, v14.04, +2 more | 2018-09-17
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
nvd
CVE-2018-11781 | HIGH | CVSS 7.8 | CWE-94 | v12.04, v14.04, +2 more | 2018-09-17
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
nvd
CVE-2017-15705 | MEDIUM | CVSS 5.3 | CWE-20 | Exploited | v12.04, v14.04, +2 more | 2018-09-17
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both
nvd
CVE-2018-17095 | HIGH | CVSS 8.8 | CWE-787 | v14.04 | 2018-09-16
An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert.
nvd
CVE-2018-17100 | HIGH | CVSS 8.8 | CWE-190 | v14.04, v16.04, +2 more | 2018-09-16
An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.
nvd
CVE-2018-17101 | HIGH | CVSS 8.8 | CWE-787 | v14.04, v16.04, +2 more | 2018-09-16
An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
nvd
CVE-2018-17000 | MEDIUM | CVSS 6.5 | CWE-476 | v14.04, v16.04, +2 more | 2018-09-13
A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial of service through a crafted TIFF file. This vulnerability can be triggered by the executable tiffcp.
nvd
CVE-2018-10853 | HIGH | CVSS 7.8 | CWE-250 | v16.04, v18.04 | 2018-09-11
A flaw was found in the way the Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege (CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside the guest.
nvd
CVE-2018-16802 | HIGH | CVSS 7.8 | v14.04, v16.04, +1 more | 2018-09-10
An issue was discovered in Artifex Ghostscript before 9.25. Incorrect "restoration of privilege" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction. This is due to an incomplete fix for CVE-2018-16509.
nvd
CVE-2018-14625 | HIGH | CVSS 7.0 | CWE-416 | v14.04, v16.04, +2 more | 2018-09-10
A flaw was found in the Linux kernel where an attacker may be able to have an uncontrolled read of kernel memory from within a VM guest. A race condition between the connect() and close() functions may allow an attacker using the AF_VSOCK protocol to gather a 4-byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clien
nvd
CVE-2016-7056 | MEDIUM | CVSS 5.5 | CWE-385 | v12.04, v14.04 | 2018-09-10
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
nvd
CVE-2018-16749 | MEDIUM | CVSS 6.5 | CWE-476 | v14.04, v16.04, +1 more | 2018-09-09
In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
nvd
CVE-2018-16750 | MEDIUM | CVSS 6.5 | CWE-772 | v14.04, v16.04, +1 more | 2018-09-09
In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
nvd
CVE-2018-0643 | MEDIUM | CVSS 6.6 | CWE-78 | v14.04 | 2018-09-07
Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors.
nvd
CVE-2018-0644 | MEDIUM | CVSS 6.5 | CWE-119 | v14.04, v16.04 | 2018-09-07
Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u4jma1 and earlier, and Ubuntu16.04 ORCA (Online Receipt Computer Advantage) 5.0.0 (panda-client2) 1:2.0.0+p48-u5jma1 and earlier allows aut
nvd
CVE-2018-16658 | MEDIUM | CVSS 6.1 | v12.04, v14.04, +2 more | 2018-09-07
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.
nvd
CVE-2018-16585 | HIGH | CVSS 7.8 | v14.04, v16.04, +1 more | 2018-09-06
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified ot
nvd
CVE-2018-5391 | HIGH | CVSS 7.5 | CWE-400 | Exploited | v12.04, v14.04, +2 more | 2018-09-06
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current
nvd
CVE-2018-16644 | MEDIUM | CVSS 6.5 | CWE-119 | v14.04, v16.04, +1 more | 2018-09-06
There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
nvd