Redhat Enterprise Linux Server vulnerabilities

CVE-2018-11212 [MEDIUM] CWE-369 CVE-2018-11212: An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote a An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.

CVE-2018-1087 [HIGH] CWE-250 CVE-2018-1087: kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and e

CVE-2018-10998 [MEDIUM] CVE-2018-10998: An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.

CVE-2018-1130 [MEDIUM] CWE-476 CVE-2018-1130: Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit( Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.

CVE-2017-18267 [MEDIUM] CWE-835 CVE-2017-18267: The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote atta The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.

CVE-2018-1118 [MEDIUM] CWE-665 CVE-2018-1118: Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

CVE-2018-1089 [HIGH] CWE-122 CVE-2018-1089: 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters w 389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

CVE-2018-8897 [HIGH] CWE-362 CVE-2018-8897: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Develop A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS

CVE-2018-10767 [MEDIUM] CWE-125 CVE-2018-10767: There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_ty There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.

CVE-2018-0494 [MEDIUM] CWE-20 CVE-2018-0494: GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line.

CVE-2018-10768 [MEDIUM] CWE-476 CVE-2018-10768: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubun There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected.

CVE-2018-10733 [MEDIUM] CWE-125 CVE-2018-10733: There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.

CVE-2018-10675 [HIGH] CWE-416 CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.

CVE-2018-10583 [HIGH] CWE-200 CVE-2018-10583: An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document.

CVE-2018-10534 [MEDIUM] CWE-787 CVE-2018-10534: The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (B The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulti

CVE-2018-10535 [MEDIUM] CWE-476 CVE-2018-10535: The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), a The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a "SECTION" type that has a "0" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and applica

CVE-2018-10372 [MEDIUM] CWE-125 CVE-2018-10372: process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of ser process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf.

CVE-2018-10373 [MEDIUM] CWE-476 CVE-2018-10373: concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new.

CVE-2017-2885 [CRITICAL] CWE-787 CVE-2017-2885: An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A special An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

CVE-2018-10322 [MEDIUM] CWE-476 CVE-2018-10322: The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 a The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.