Canonical Ubuntu Linux vulnerabilities

CVE-2018-12698 [HIGH] CVE-2018-12698: demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attac demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.

CVE-2018-12617 [HIGH] CWE-190 CVE-2018-12617: qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agen qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a lar

CVE-2018-3665 [MEDIUM] CWE-200 CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based micropro System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

CVE-2018-12599 [HIGH] CWE-787 CVE-2018-12599: In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.

CVE-2018-12600 [HIGH] CWE-787 CVE-2018-12600: In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.

CVE-2018-1120 [MEDIUM] CWE-122 CVE-2018-1120: A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file ont A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc//cmdline (or /proc//environ) files to blo

CVE-2018-10811 [HIGH] CWE-909 CVE-2018-10811: strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Va strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable.

CVE-2018-12293 [HIGH] CWE-190 CVE-2018-12293: The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBuff The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.

CVE-2018-1061 [HIGH] CWE-20 CVE-2018-1061: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic bac python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.

CVE-2018-1333 [HIGH] CWE-400 CVE-2018-1333: By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33).

CVE-2018-1060 [HIGH] CWE-20 CVE-2018-1060: python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic bac python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.

CVE-2018-1152 [MEDIUM] CWE-369 CVE-2018-1152: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero w libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.

CVE-2018-11574 [CRITICAL] CWE-20 CVE-2018-11574: Improper input validation together with an integer overflow in the EAP-TLS protocol implementation i Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffect

CVE-2018-11806 [HIGH] CWE-787 CVE-2018-11806: m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.

CVE-2018-12265 [HIGH] CWE-125 CVE-2018-12265: Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of- Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

CVE-2018-12264 [HIGH] CWE-125 CVE-2018-12264: Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bound Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

CVE-2018-0495 [MEDIUM] CWE-203 CVE-2018-0495: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA si Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access t

CVE-2018-5814 [HIGH] CWE-362 CVE-2018-5814: In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition e In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

CVE-2018-12233 [HIGH] CWE-119 CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorre

CVE-2018-0732 [HIGH] CWE-320 CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed