Redhat Enterprise Linux Desktop vulnerabilities

CVE-2018-1050 [MEDIUM] CWE-476 CVE-2018-1050: All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC s All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.

CVE-2016-9600 [MEDIUM] CWE-476 CVE-2016-9600: JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded cr JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

CVE-2018-7858 [MEDIUM] CWE-125 CVE-2018-7858: Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local g Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display.

CVE-2014-8130 [MEDIUM] CWE-369 CVE-2014-8130: The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows re The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

CVE-2016-9591 [MEDIUM] CWE-416 CVE-2016-9591: JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 20 JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.

CVE-2018-1071 [MEDIUM] CWE-121 CVE-2018-1071: zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() fun zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

CVE-2018-1054 [HIGH] CWE-120 CVE-2018-1054: An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filte An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

CVE-2018-7740 [MEDIUM] CWE-119 CVE-2018-7740: The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.

CVE-2018-5729 [MEDIUM] CWE-476 CVE-2018-5729: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Ke MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.

CVE-2018-7726 [MEDIUM] CWE-119 CVE-2018-7726: An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_dir An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

CVE-2018-7725 [MEDIUM] CWE-119 CVE-2018-7725: An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.

CVE-2018-7727 [MEDIUM] CWE-772 CVE-2018-7727: An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_me An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.

CVE-2018-5730 [LOW] CWE-90 CVE-2018-5730: MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Ke MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.

CVE-2018-7643 [HIGH] CWE-190 CVE-2018-7643: The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.

CVE-2018-7642 [MEDIUM] CWE-476 CVE-2018-7642: The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.

CVE-2018-7550 [HIGH] CWE-125 CVE-2018-7550: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest O The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVE-2017-15134 [HIGH] CWE-120 CVE-2017-15134: A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x befor A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

CVE-2018-7569 [MEDIUM] CWE-190 CVE-2018-7569: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

CVE-2018-7568 [MEDIUM] CWE-190 CVE-2018-7568: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

CVE-2018-7549 [HIGH] CWE-20 CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstr In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.