CVE Summary
The following CVEs are available for all releases offered through Unbreakable Linux Network (ULN).
Synopsis
CVE-2018-8945 The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. 2018-03-22
CVE-2018-8897 A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. 2018-05-08
CVE-2018-8781 The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. 2018-04-23
CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. 2018-07-30
CVE-2018-7858 Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. 2018-03-12
CVE-2018-7757 Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. 2018-03-08
CVE-2018-7750 transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. 2018-07-30
CVE-2018-7740 The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. 2018-03-07
CVE-2018-7727 An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. 2018-03-06
CVE-2018-7726 An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. 2018-03-06
CVE-2018-7725 An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. 2018-03-06
CVE-2018-7643 The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. 2018-03-02
CVE-2018-7642 The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. 2018-03-02
CVE-2018-7569 dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. 2018-02-28
CVE-2018-7568 The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. 2018-02-28
CVE-2018-7566 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. 2018-03-30
CVE-2018-7550 The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. 2018-03-01
CVE-2018-7549 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. 2018-02-27
CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. 2018-02-27
CVE-2018-7540 An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. 2018-02-27
CVE-2018-7492 A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. 2018-02-26
CVE-2018-7225 An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. 2018-07-30
CVE-2018-7208 In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. 2018-02-17
CVE-2018-6927 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. 2018-02-12
CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. 2018-03-13
CVE-2018-6764 util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. 2018-02-23
CVE-2018-6560 In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. 2018-02-02
CVE-2018-6485 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. 2018-02-01
CVE-2018-6126 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-07-03
CVE-2018-5950 Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL. 2018-03-13
CVE-2018-5873 An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. 2018-07-06
CVE-2018-5848 In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. 2018-06-12
CVE-2018-5806 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-10-31
CVE-2018-5805 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-10-31
CVE-2018-5803 In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. 2018-06-12
CVE-2018-5802 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-10-31
CVE-2018-5801 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-10-31
CVE-2018-5800 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-10-31
CVE-2018-5750 The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call. 2018-01-26
CVE-2018-5748 qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply. 2018-07-30
CVE-2018-5740 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-08-27
CVE-2018-5733 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-03-12
CVE-2018-5732 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 2018-03-12
CVE-2018-5730 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a linkdn and containerdn database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. 2018-03-06
CVE-2018-5729 MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. 2018-03-06
CVE-2018-5683 The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. 2018-07-30
CVE-2018-5391 The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. 2018-09-06
CVE-2018-5390 Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. 2018-08-06
CVE-2018-5379 The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. 2018-07-30
CVE-2018-5345 A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. 2018-02-26

Copyright (c) 2015, 2017, Oracle Corporation. All Rights Reserved.