Canonical Ubuntu Linux vulnerabilities

CVE-2018-14352 [CRITICAL] CWE-787 CVE-2018-14352: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in im An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.

CVE-2018-14353 [CRITICAL] CWE-191 CVE-2018-14353: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in im An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.

CVE-2018-14356 [CRITICAL] CWE-824 CVE-2018-14356: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.

CVE-2018-14349 [CRITICAL] CWE-20 CVE-2018-14349: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandl An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.

CVE-2018-14351 [CRITICAL] CWE-20 CVE-2018-14351: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandl An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.

CVE-2018-14354 [CRITICAL] CWE-78 CVE-2018-14354: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription.

CVE-2018-14355 [MEDIUM] CWE-22 CVE-2018-14355: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.

CVE-2018-10840 [MEDIUM] CWE-122 CVE-2018-10840: Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_ent Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

CVE-2018-0360 [MEDIUM] CWE-190 CVE-2018-0360: ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangu ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

CVE-2018-10875 [HIGH] CWE-426 CVE-2018-10875: A flaw was found in ansible. ansible.cfg is read from the current working directory which can be alt A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.

CVE-2018-0500 [CRITICAL] CWE-787 CVE-2018-0500: Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buff Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

CVE-2018-1116 [MEDIUM] CWE-285 CVE-2018-1116: A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactiv A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

CVE-2018-13785 [MEDIUM] CWE-190 CVE-2018-13785: In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.

CVE-2018-13440 [MEDIUM] CWE-476 CVE-2018-13440: The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in m The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert.

CVE-2018-13406 [HIGH] CWE-190 CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux ke An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.

CVE-2018-13405 [HIGH] CWE-269 CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to c The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is th

CVE-2018-12910 [CRITICAL] CWE-125 CVE-2018-12910: The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

CVE-2018-13153 [MEDIUM] CWE-772 CVE-2018-13153: In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate. In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.

CVE-2018-13096 [MEDIUM] CWE-125 CVE-2018-13096: An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (ou An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

CVE-2018-10855 [MEDIUM] CWE-532 CVE-2018-10855: Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tas Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.