Canonical Ubuntu Linux vulnerabilities

CVE-2018-11655 [MEDIUM] CWE-772 CVE-2018-11655: In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePi In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted CALS image file.

CVE-2018-11577 [HIGH] CWE-120 CVE-2018-11577: Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.

CVE-2018-11625 [HIGH] CWE-125 CVE-2018-11625: In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a he In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

CVE-2018-5388 [MEDIUM] CWE-124 CVE-2018-5388: In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer un In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

CVE-2018-11235 [HIGH] CWE-22 CVE-2018-11235: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then ap

CVE-2018-11233 [HIGH] CWE-125 CVE-2018-11233: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x b In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

CVE-2018-10196 [MEDIUM] CWE-476 CVE-2018-10196: NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the do NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.

CVE-2018-11531 [CRITICAL] CWE-787 CVE-2018-11531: Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.

CVE-2018-11506 [HIGH] CWE-787 CVE-2018-11506: The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call.

CVE-2018-11508 [MEDIUM] CWE-200 CVE-2018-11508: The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local user The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.

CVE-2018-11490 [HIGH] CWE-129 CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped i The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

CVE-2018-11440 [HIGH] CWE-787 CVE-2018-11440: Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTab Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.

CVE-2018-11469 [MEDIUM] CWE-200 CVE-2018-11469: Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 throug Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticated remote request, related to the proto_http.c check_request_for_cacheability function.

CVE-2018-8013 [CRITICAL] CWE-502 CVE-2018-8013: In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

CVE-2018-1000300 [CRITICAL] CWE-787 CVE-2018-1000300: curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl = 7.

CVE-2018-11410 [CRITICAL] CWE-416 CVE-2018-11410: An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTran An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

CVE-2018-1000301 [CRITICAL] CWE-125 CVE-2018-1000301: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerabi curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl = 7.60.0.

CVE-2018-11412 [MEDIUM] CWE-416 CVE-2018-11412: In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a mem In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

CVE-2018-1000199 [MEDIUM] CWE-119 CVE-2018-1000199: The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoin The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad

CVE-2018-1126 [CRITICAL] CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading t procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.