Canonical Ubuntu Linux vulnerabilities

CVE-2018-1124 [HIGH] CWE-122 CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corrup procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

CVE-2018-1122 [HIGH] CWE-829 CVE-2018-1122: procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

CVE-2018-1125 [HIGH] CWE-121 CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerabilit procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

CVE-2018-1123 [HIGH] CWE-122 CVE-2018-1123: procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

CVE-2018-3639 [MEDIUM] CWE-203 CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory rea Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVE-2018-1108 [MEDIUM] CWE-330 CVE-2018-1108: kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementa kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.

CVE-2018-11237 [HIGH] CWE-787 CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6 An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

CVE-2017-18273 [MEDIUM] CWE-835 CVE-2017-18273: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the funct In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call.

CVE-2017-18271 [MEDIUM] CWE-835 CVE-2017-18271: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the funct In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file.

CVE-2018-8014 [CRITICAL] CWE-1188 CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5. The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default conf

CVE-2018-11212 [MEDIUM] CWE-369 CVE-2018-11212: An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote a An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CVE-2018-11213 [MEDIUM] CVE-2018-11213: An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attac An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVE-2018-11214 [MEDIUM] CVE-2018-11214: An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attack An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

CVE-2018-1087 [HIGH] CWE-250 CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and e

CVE-2018-10999 [MEDIUM] CWE-125 CVE-2018-10999: An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a h An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.

CVE-2018-10998 [MEDIUM] CVE-2018-10998: An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

CVE-2017-18266 [HIGH] CWE-74 CVE-2017-18266: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before laun The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

CVE-2018-1130 [MEDIUM] CWE-476 CVE-2018-1130: Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit( Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

CVE-2018-10963 [MEDIUM] CVE-2018-10963: The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attack The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726.

CVE-2018-10958 [MEDIUM] CWE-119 CVE-2018-10958: In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory all In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call.