Redhat Enterprise Linux Server vulnerabilities

CVE-2018-14659 [MEDIUM] CWE-400 CVE-2018-14659: The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's ru

CVE-2018-14652 [MEDIUM] CWE-120 CVE-2018-14652: The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'f The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.

CVE-2016-2125 [MEDIUM] CWE-287 CVE-2016-2125: It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets wh It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.

CVE-2018-14661 [MEDIUM] CWE-20 CVE-2018-14661: It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.

CVE-2018-14654 [MEDIUM] CWE-22 CVE-2018-14654: The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' transla The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

CVE-2018-15688 [HIGH] CWE-120 CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to ov A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

CVE-2018-14665 [MEDIUM] CWE-863 CVE-2018-14665: A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.

CVE-2018-18585 [MEDIUM] CWE-476 CVE-2018-18585: chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

CVE-2018-18559 [HIGH] CWE-362 CVE-2018-18559: In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_ In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister ac

CVE-2018-18284 [HIGH] CVE-2018-18284: Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via v Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator.

CVE-2018-18521 [MEDIUM] CWE-369 CVE-2018-18521: Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allo Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.

CVE-2018-18520 [MEDIUM] CWE-119 CVE-2018-18520: An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted

CVE-2018-12387 [CRITICAL] CWE-20 CVE-2018-12387: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple argumen A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2

CVE-2018-12378 [CRITICAL] CWE-416 CVE-2018-12378: A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by Ja A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12377 [CRITICAL] CWE-416 CVE-2018-12377: A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstan A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-12376 [CRITICAL] CWE-119 CVE-2018-12376: Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1.

CVE-2018-5188 [CRITICAL] CWE-119 CVE-2018-5188: Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs s Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefo

CVE-2018-5156 [CRITICAL] CWE-20 CVE-2018-5156: A vulnerability can occur when capturing a media stream when the media source type is changed as the A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.

CVE-2018-12379 [HIGH] CWE-787 CVE-2018-12379: When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2

CVE-2018-12360 [HIGH] CWE-416 CVE-2018-12360: A use-after-free vulnerability can occur when deleting an input element during a mutation event hand A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.