Canonical Ubuntu Linux vulnerabilities

CVE-2018-15854 [MEDIUM] CWE-476 CVE-2018-15854: Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NU Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.

CVE-2018-15862 [MEDIUM] CWE-476 CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be u Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.

CVE-2018-15864 [MEDIUM] CWE-476 CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could b Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.

CVE-2018-15858 [MEDIUM] CWE-476 CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keyc Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.

CVE-2018-15853 [MEDIUM] CWE-400 CVE-2018-15853: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could b Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.

CVE-2018-15863 [MEDIUM] CWE-476 CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8 Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.

CVE-2018-15859 [MEDIUM] CWE-476 CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbco Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.

CVE-2018-14600 [CRITICAL] CWE-787 CVE-2018-14600: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interpret An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

CVE-2018-14599 [CRITICAL] CWE-193 CVE-2018-14599: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulner An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

CVE-2018-14598 [HIGH] CWE-20 CVE-2018-14598: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

CVE-2018-15120 [MEDIUM] CWE-119 CVE-2018-15120: libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attack libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.

CVE-2018-15822 [HIGH] CWE-617 CVE-2018-15822: The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an em The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

CVE-2018-10858 [HIGH] CWE-20 CVE-2018-10858: A heap-buffer overflow was found in the way samba clients processed extra long filename in a directo A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVE-2018-1139 [HIGH] CWE-20 CVE-2018-1139: A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authenticati A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

CVE-2018-10846 [MEDIUM] CWE-385 CVE-2018-10846: A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM at A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

CVE-2018-10844 [MEDIUM] CWE-385 CVE-2018-10844: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

CVE-2018-10845 [MEDIUM] CWE-385 CVE-2018-10845: It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

CVE-2018-10918 [MEDIUM] CWE-476 CVE-2018-10918: A null pointer dereference flaw was found in the way samba checked database outputs from the LDB dat A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable.

CVE-2018-10919 [MEDIUM] CWE-203 CVE-2018-10919: The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of m The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

CVE-2018-10902 [HIGH] CWE-416 CVE-2018-10902: It was found that the raw midi kernel driver does not protect against concurrent access which leads It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.