CVE Summary
The following CVEs are available for all releases offered through Unbreakable Linux Network (ULN).
Synopsis
CVE-2105-1331 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-05-12
CVE-2017-9524 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-05-26
CVE-2017-9462 In Mercurial before 4.1.3, hg serve --stdio allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name. 2017-04-18
CVE-2017-9148 The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. 2017-05-08
CVE-2017-8905 Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. 2017-05-02
CVE-2017-8904 Xen through 4.8.x mishandles the contains 2017-05-02
CVE-2017-8903 Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213. 2017-05-02
CVE-2017-8890 The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. 2017-05-09
CVE-2017-8779 rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb. 2017-05-03
CVE-2017-8422 KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. 2017-05-10
CVE-2017-8291 Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017. 2017-04-26
CVE-2017-7980 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-03-15
CVE-2017-7895 The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. 2017-04-28
CVE-2017-7778 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7777 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7776 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7775 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7774 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7773 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7772 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7771 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7764 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7758 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7757 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7756 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7754 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7752 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7751 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7750 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7749 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2017-06-14
CVE-2017-7718 hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions. 2017-03-14
CVE-2017-7645 The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. 2017-04-14
CVE-2017-7502 Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. 2017-06-15
CVE-2017-7494 Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. 2017-05-24
CVE-2017-7477 Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. 2017-04-24
CVE-2017-7308 The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. 2017-03-29
CVE-2017-7228 An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. 2017-04-04
CVE-2017-7187 The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. 2017-03-16
CVE-2017-7184 The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. 2017-03-29
CVE-2017-6347 The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. 2017-02-21
CVE-2017-6345 The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. 2017-02-13
CVE-2017-6214 The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. 2017-02-07
CVE-2017-6074 The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call. 2017-02-22
CVE-2017-6011 An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the simple_vec function in the extract.c source file. This affects icotool. 2017-02-03
CVE-2017-6010 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the extract_icons function in the extract.c source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash. 2017-02-03
CVE-2017-6009 An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the decode_ne_resource_id function in the restable.c source file. This is happening because the len parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool. 2017-02-03
CVE-2017-6001 Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786. 2017-01-14
CVE-2017-5986 Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. 2017-02-06
CVE-2017-5970 The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. 2017-02-04
CVE-2017-5897 The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. 2017-02-05

Copyright (c) 2015, 2017, Oracle Corporation. All Rights Reserved.