CVE Summary
The following CVEs are available for all releases offered through Unbreakable Linux Network (ULN).
Synopsis
CVE-2018-8897 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. 2018-05-08
CVE-2018-8781 The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. 2018-07-30
CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 2018-07-30
CVE-2018-7858 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. 2018-03-12
CVE-2018-7750 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. 2018-07-30
CVE-2018-7566 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. 2018-03-30
CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. 2018-03-01
CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. 2018-02-27
CVE-2018-7540 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. 2018-02-27
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. 2018-07-30
CVE-2018-6927 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. 2018-02-12
CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. 2018-03-13
CVE-2018-6126 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-07-03
CVE-2018-5950 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. 2018-03-13
CVE-2018-5803 In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. 2018-06-12
CVE-2018-5750 The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. 2018-01-26
CVE-2018-5748 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. 2018-07-30
CVE-2018-5740 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-08-27
CVE-2018-5733 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-03-12
CVE-2018-5732 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-03-12
CVE-2018-5683 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. 2018-07-30
CVE-2018-5391 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-08-13
CVE-2018-5390 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. 2018-08-06
CVE-2018-5379 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. 2018-07-30
CVE-2018-5345 A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. 2018-02-26
CVE-2018-5333 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. 2018-01-11
CVE-2018-5332 In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). 2018-07-30
CVE-2018-5188 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-07-24
CVE-2018-5185 Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. 2018-06-11
CVE-2018-5184 Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. 2018-06-11
CVE-2018-5183 Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5178 A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5170 It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. 2018-06-11
CVE-2018-5168 Sites can bypass security checks on permissions to install lightweight themes by manipulating the baseURI property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5162 Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. 2018-06-11
CVE-2018-5161 Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. 2018-06-11
CVE-2018-5159 An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5158 The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. 2018-06-11
CVE-2018-5157 Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60. 2018-06-11
CVE-2018-5156 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-07-03
CVE-2018-5155 A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5154 A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5150 Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8. 2018-06-11
CVE-2018-5148 A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. 2018-06-11
CVE-2018-5146 An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7. 2018-06-11
CVE-2018-5145 Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. 2018-06-11
CVE-2018-5144 An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7. 2018-06-11
CVE-2018-5131 Under certain circumstances the fetch() API can return transient local copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. 2018-06-11
CVE-2018-5130 When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59. 2018-06-11
CVE-2018-5129 A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59. 2018-06-11

Copyright (c) 2015, 2017, Oracle Corporation. All Rights Reserved.