Redhat Enterprise Linux Workstation vulnerabilities

CVE-2018-7550 [HIGH] CWE-125 CVE-2018-7550: The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest O The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

CVE-2017-15134 [HIGH] CWE-120 CVE-2017-15134: A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x befor A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

CVE-2018-7569 [MEDIUM] CWE-190 CVE-2018-7569: dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.

CVE-2018-7568 [MEDIUM] CWE-190 CVE-2018-7568: The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as dist The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.

CVE-2018-7549 [HIGH] CWE-20 CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstr In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

CVE-2018-6764 [HIGH] CWE-346 CVE-2018-6764: util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which al util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.

CVE-2018-7225 [CRITICAL] CWE-190 CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVE-2018-5379 [CRITICAL] CWE-415 CVE-2018-5379: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain f The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.

CVE-2018-7208 [HIGH] CWE-20 CVE-2018-7208: In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka li In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object

CVE-2018-1049 [MEDIUM] CWE-362 CVE-2018-1049: In systemd prior to 234 a race condition exists between .mount and .automount units such that automo In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.

CVE-2018-6927 [HIGH] CWE-190 CVE-2018-6927: The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attacker The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.

CVE-2018-6871 [CRITICAL] CVE-2018-6871: LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =W LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

CVE-2018-1000026 [HIGH] CWE-20 CVE-2018-1000026: Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2

CVE-2018-4877 [CRITICAL] CWE-416 CVE-2018-4877: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

CVE-2018-4878 [HIGH] CWE-416 CVE-2018-4878: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerab A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

CVE-2018-6560 [HIGH] CWE-436 CVE-2018-6560: In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

CVE-2018-6485 [CRITICAL] CWE-190 CVE-2018-6485: An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C L An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

CVE-2018-1000001 [HIGH] CWE-787 CVE-2018-1000001: In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be use In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

CVE-2018-5750 [MEDIUM] CWE-200 CVE-2018-5750: The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows lo The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.

CVE-2018-5748 [HIGH] CWE-400 CVE-2018-5748: qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) vi qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.