Canonical Ubuntu Linux vulnerabilities

CVE-2018-6554 [MEDIUM] CWE-400 CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.

CVE-2018-16435 [MEDIUM] CWE-190 CVE-2018-16435: Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet f Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

CVE-2018-16402 [CRITICAL] CWE-415 CVE-2018-16402: libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

CVE-2018-16336 [MEDIUM] CVE-2018-16336: Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.

CVE-2018-16323 [MEDIUM] CWE-200 CVE-2018-16323: ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.

CVE-2018-16276 [HIGH] CWE-787 CVE-2018-16276: An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.

CVE-2018-14622 [HIGH] CWE-252 CVE-2018-14622: A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new conne

CVE-2018-16140 [HIGH] CWE-787 CVE-2018-16140: A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to wri A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.

CVE-2018-16062 [MEDIUM] CWE-125 CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attacker dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.

CVE-2018-15911 [HIGH] CWE-908 CVE-2018-15911: In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.

CVE-2017-15422 [MEDIUM] CWE-190 CVE-2017-15422: Integer overflow in international date handling in International Components for Unicode (ICU) for C/ Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

CVE-2018-15909 [HIGH] CWE-704 CVE-2018-15909: In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.

CVE-2018-15910 [HIGH] CWE-704 CVE-2018-15910: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a ty In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.

CVE-2018-15908 [HIGH] CVE-2018-15908: In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript fil In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.

CVE-2018-10938 [MEDIUM] CWE-835 CVE-2018-10938: A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLa

CVE-2011-2767 [CRITICAL] CWE-94 CVE-2011-2767: mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user- mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context

CVE-2018-15857 [HIGH] CWE-416 CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.

CVE-2018-15856 [MEDIUM] CWE-835 CVE-2018-15856: An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbco An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.

CVE-2018-15861 [MEDIUM] CWE-476 CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.

CVE-2018-15855 [MEDIUM] CWE-476 CVE-2018-15855: Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NU Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.