Canonical Ubuntu Linux vulnerabilities

CVE-2017-18267 [MEDIUM] CWE-835 CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote atta The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

CVE-2018-1118 [MEDIUM] CWE-665 CVE-2018-1118: Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

CVE-2018-8897 [HIGH] CWE-362 CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Develop A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS

CVE-2018-10805 [MEDIUM] CWE-772 CVE-2018-10805: ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.

CVE-2017-2592 [MEDIUM] CWE-532 CVE-2017-2592: python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclos python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

CVE-2018-10804 [MEDIUM] CWE-772 CVE-2018-10804: ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c.

CVE-2018-10779 [MEDIUM] CWE-125 CVE-2018-10779: TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.

CVE-2018-0494 [MEDIUM] CWE-20 CVE-2018-0494: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

CVE-2018-10768 [MEDIUM] CWE-476 CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubun There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

CVE-2018-10675 [HIGH] CWE-416 CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

CVE-2018-10583 [HIGH] CWE-200 CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

CVE-2018-10529 [HIGH] CWE-125 CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

CVE-2018-10549 [HIGH] CWE-125 CVE-2018-10549: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

CVE-2018-10546 [HIGH] CWE-835 CVE-2018-10546: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.

CVE-2018-10548 [HIGH] CWE-476 CVE-2018-10548: An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x be An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value.

CVE-2018-10528 [HIGH] CWE-787 CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char fun An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

CVE-2018-10545 [MEDIUM] CWE-200 CVE-2018-10545: An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x be An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second

CVE-2018-10547 [MEDIUM] CWE-79 CVE-2018-10547: An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x b An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.

CVE-2018-1059 [MEDIUM] CWE-200 CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range i The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

CVE-2018-10323 [MEDIUM] CWE-476 CVE-2018-10323: The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16. The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.