<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet type="text/xsl" href="https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1687073.xsl"?>
<?xml-stylesheet type="text/css" href="https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/1686935.css"?>
<cvrf:cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
   <DocumentTitle xml:lang="en">Oracle Linux Bulletin - October 2018 - Oracle CVRF</DocumentTitle>
   <DocumentType xml:lang="en">Oracle Linux Bulletin Advisory</DocumentType>
   <DocumentPublisher Type="Vendor"/>
   <DocumentTracking>
      <Identification>
         <ID>OLBulletinOct2018</ID>
      </Identification>
      <Status>Final</Status>
      <Version>3.0</Version>
      <RevisionHistory>
         <Revision>
            <Number>1.0</Number>
            <Date>2018-10-16T13:00:00-07:00</Date>
            <Description>Initial Distribution</Description>
         </Revision>
         <Revision>
            <Number>2.0</Number>
            <Date>2018-11-19T13:00:00-07:00</Date>
            <Description>New CVEs added.</Description>
         </Revision>
         <Revision>
            <Number>3.0</Number>
            <Date>2018-12-17T13:00:00-07:00</Date>
            <Description>New CVEs added.</Description>
         </Revision>
      </RevisionHistory>
   </DocumentTracking>
   <DocumentNotes>
      <Note Audience="All" Ordinal="1" Title="Summary" Type="Summary" xml:lang="en">This document contains descriptions of Oracle Linux security vulnerabilities which have had fixes released for all supported versions and platforms.</Note>
   </DocumentNotes>
   <DocumentReferences>
      <Reference Type="External">
         <URL>http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2018-5142979.html</URL>
         <Description>URL to html version of Advisory</Description>
      </Reference>
   </DocumentReferences>
  <ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
      <Branch Name="Oracle" Type="Vendor">
         <Branch Name="Oracle Linux" Type="Product Family">
            <Branch Name="Oracle Linux OS" Type="Product Name">
               <Branch Name="5" Type="Product Version">
                  <FullProductName ProductID="P-1309V-5">Oracle Linux 5</FullProductName>
               </Branch>
               <Branch Name="6" Type="Product Version">
                  <FullProductName ProductID="P-1309V-6">Oracle Linux 6</FullProductName>
               </Branch>
               <Branch Name="7" Type="Product Version">
                  <FullProductName ProductID="P-1309V-7">Oracle Linux 7</FullProductName>
               </Branch>
            </Branch>
         </Branch>
     </Branch>
  </ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10850</Title>
         <Notes>
           <Note Audience="All" Ordinal="1" Title="Details" Type="Details">This is a vulnerability in  389-ds-base  in Oracle Linux. 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10850</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2757.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10935</Title>
         <Notes>
           <Note Audience="All" Ordinal="2" Title="Details" Type="Details">This is a vulnerability in  389-ds-base  in Oracle Linux. A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10935</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2757.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14624</Title>
         <Notes>
           <Note Audience="All" Ordinal="3" Title="Details" Type="Details">This is a vulnerability in  389-ds-base  in Oracle Linux. A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14624</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2757.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14638</Title>
         <Notes>
           <Note Audience="All" Ordinal="4" Title="Details" Type="Details">This is a vulnerability in  389-ds-base  in Oracle Linux. A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14638</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2757.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14648</Title>
         <Notes>
           <Note Audience="All" Ordinal="5" Title="Details" Type="Details">This is a vulnerability in  389-ds-base  in Oracle Linux. A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14648</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3127.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15688</Title>
         <Notes>
           <Note Audience="All" Ordinal="6" Title="Details" Type="Details">This is a vulnerability in  NetworkManager  in Oracle Linux. A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15688</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3665.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10372</Title>
         <Notes>
           <Note Audience="All" Ordinal="7" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10372</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10373</Title>
         <Notes>
           <Note Audience="All" Ordinal="8" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10373</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="9" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10534</Title>
         <Notes>
           <Note Audience="All" Ordinal="9" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10534</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="10" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10535</Title>
         <Notes>
           <Note Audience="All" Ordinal="10" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a SECTION type that has a 0 value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10535</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="11" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-13033</Title>
         <Notes>
           <Note Audience="All" Ordinal="11" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-13033</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="12" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7208</Title>
         <Notes>
           <Note Audience="All" Ordinal="12" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7208</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="13" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7568</Title>
         <Notes>
           <Note Audience="All" Ordinal="13" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7568</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="14" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7569</Title>
         <Notes>
           <Note Audience="All" Ordinal="14" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7569</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="15" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7642</Title>
         <Notes>
           <Note Audience="All" Ordinal="15" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7642</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="16" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7643</Title>
         <Notes>
           <Note Audience="All" Ordinal="16" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7643</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="17" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-8945</Title>
         <Notes>
           <Note Audience="All" Ordinal="17" Title="Details" Type="Details">This is a vulnerability in  binutils  in Oracle Linux. The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-8945</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3032.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="18" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000007</Title>
         <Notes>
           <Note Audience="All" Ordinal="18" Title="Details" Type="Details">This is a vulnerability in  curl and nss-pem  in Oracle Linux. libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the Location: response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom Authorization: headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000007</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3157.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="19" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000120</Title>
         <Notes>
           <Note Audience="All" Ordinal="19" Title="Details" Type="Details">This is a vulnerability in  curl and nss-pem  in Oracle Linux. A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000120</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3157.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="20" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000121</Title>
         <Notes>
           <Note Audience="All" Ordinal="20" Title="Details" Type="Details">This is a vulnerability in  curl and nss-pem  in Oracle Linux. A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000121</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3157.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="21" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000122</Title>
         <Notes>
           <Note Audience="All" Ordinal="21" Title="Details" Type="Details">This is a vulnerability in  curl and nss-pem  in Oracle Linux. A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000122</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3157.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="22" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000301</Title>
         <Notes>
           <Note Audience="All" Ordinal="22" Title="Details" Type="Details">This is a vulnerability in  curl and nss-pem  in Oracle Linux. curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl &lt; 7.20.0 and curl &gt;= 7.60.0. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000301</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3157.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="23" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12389</Title>
         <Notes>
           <Note Audience="All" Ordinal="23" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12389</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="24" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12390</Title>
         <Notes>
           <Note Audience="All" Ordinal="24" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12390</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="25" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12392</Title>
         <Notes>
           <Note Audience="All" Ordinal="25" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12392</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="26" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12393</Title>
         <Notes>
           <Note Audience="All" Ordinal="26" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12393</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="27" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12395</Title>
         <Notes>
           <Note Audience="All" Ordinal="27" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12395</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="28" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12396</Title>
         <Notes>
           <Note Audience="All" Ordinal="28" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12396</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="29" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12397</Title>
         <Notes>
           <Note Audience="All" Ordinal="29" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12397</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3005.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="30" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16541</Title>
         <Notes>
           <Note Audience="All" Ordinal="30" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16541</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="31" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12376</Title>
         <Notes>
           <Note Audience="All" Ordinal="31" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12376</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="32" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12377</Title>
         <Notes>
           <Note Audience="All" Ordinal="32" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12377</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="33" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12378</Title>
         <Notes>
           <Note Audience="All" Ordinal="33" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12378</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="34" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12379</Title>
         <Notes>
           <Note Audience="All" Ordinal="34" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="35" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12383</Title>
         <Notes>
           <Note Audience="All" Ordinal="35" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2.1, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12383</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2835.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="36" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12385</Title>
         <Notes>
           <Note Audience="All" Ordinal="36" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird &lt; 60.2.1, Firefox ESR &lt; 60.2.1, and Firefox &lt; 62.0.2. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12385</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2835.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="37" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12386</Title>
         <Notes>
           <Note Audience="All" Ordinal="37" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR &lt; 60.2.2 and Firefox &lt; 62.0.3. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12386</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2884.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="38" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12386</Title>
         <Notes>
           <Note Audience="All" Ordinal="38" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR &lt; 60.2.2 and Firefox &lt; 62.0.3. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12386</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="39" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12387</Title>
         <Notes>
           <Note Audience="All" Ordinal="39" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR &lt; 60.2.2 and Firefox &lt; 62.0.3. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12387</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2884.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="40" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12387</Title>
         <Notes>
           <Note Audience="All" Ordinal="40" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR &lt; 60.2.2 and Firefox &lt; 62.0.3. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12387</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="41" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12389</Title>
         <Notes>
           <Note Audience="All" Ordinal="41" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12389</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="42" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12390</Title>
         <Notes>
           <Note Audience="All" Ordinal="42" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12390</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="43" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12392</Title>
         <Notes>
           <Note Audience="All" Ordinal="43" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12392</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="44" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12393</Title>
         <Notes>
           <Note Audience="All" Ordinal="44" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12393</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="45" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12395</Title>
         <Notes>
           <Note Audience="All" Ordinal="45" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12395</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="46" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12396</Title>
         <Notes>
           <Note Audience="All" Ordinal="46" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12396</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="47" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12397</Title>
         <Notes>
           <Note Audience="All" Ordinal="47" Title="Details" Type="Details">This is a vulnerability in  firefox  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12397</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3006.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="48" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-6560</Title>
         <Notes>
           <Note Audience="All" Ordinal="48" Title="Details" Type="Details">This is a vulnerability in  flatpak  in Oracle Linux. In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-6560</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2766.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="49" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16863</Title>
         <Notes>
           <Note Audience="All" Ordinal="49" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16863</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3761.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="50" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10194</Title>
         <Notes>
           <Note Audience="All" Ordinal="50" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10194</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2918.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="51" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15908</Title>
         <Notes>
           <Note Audience="All" Ordinal="51" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15908</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3650.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="52" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15909</Title>
         <Notes>
           <Note Audience="All" Ordinal="52" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15909</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3650.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="53" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15910</Title>
         <Notes>
           <Note Audience="All" Ordinal="53" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15910</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2918.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="54" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16509</Title>
         <Notes>
           <Note Audience="All" Ordinal="54" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect restoration of privilege checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the pipe instruction. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16509</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2918.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="55" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16509</Title>
         <Notes>
           <Note Audience="All" Ordinal="55" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. An issue was discovered in Artifex Ghostscript before 9.24. Incorrect restoration of privilege checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the pipe instruction. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16509</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3760.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="56" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16511</Title>
         <Notes>
           <Note Audience="All" Ordinal="56" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in ztype could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16511</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3650.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="57" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16539</Title>
         <Notes>
           <Note Audience="All" Ordinal="57" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16539</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3650.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="58" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16542</Title>
         <Notes>
           <Note Audience="All" Ordinal="58" Title="Details" Type="Details">This is a vulnerability in  ghostscript  in Oracle Linux. In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16542</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2918.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="59" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17456</Title>
         <Notes>
           <Note Audience="All" Ordinal="59" Title="Details" Type="Details">This is a vulnerability in  git  in Oracle Linux. Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive git CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17456</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3408.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="60" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16997</Title>
         <Notes>
           <Note Audience="All" Ordinal="60" Title="Details" Type="Details">This is a vulnerability in  glibc  in Oracle Linux. elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the ./ directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16997</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3092.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="61" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11236</Title>
         <Notes>
           <Note Audience="All" Ordinal="61" Title="Details" Type="Details">This is a vulnerability in  glibc  in Oracle Linux. stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11236</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3092.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="62" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11237</Title>
         <Notes>
           <Note Audience="All" Ordinal="62" Title="Details" Type="Details">This is a vulnerability in  glibc  in Oracle Linux. An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11237</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3092.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="63" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-6485</Title>
         <Notes>
           <Note Audience="All" Ordinal="63" Title="Details" Type="Details">This is a vulnerability in  glibc  in Oracle Linux. An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-6485</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3092.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="64" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10911</Title>
         <Notes>
           <Note Audience="All" Ordinal="64" Title="Details" Type="Details">This is a vulnerability in  glusterfs  in Oracle Linux. A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10911</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2892.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="65" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10911</Title>
         <Notes>
           <Note Audience="All" Ordinal="65" Title="Details" Type="Details">This is a vulnerability in  glusterfs  in Oracle Linux. A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10911</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="66" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10844</Title>
         <Notes>
           <Note Audience="All" Ordinal="66" Title="Details" Type="Details">This is a vulnerability in gnutls in Oracle Linux. It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10844</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3050.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="67" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10845</Title>
         <Notes>
           <Note Audience="All" Ordinal="67" Title="Details" Type="Details">This is a vulnerability in gnutls in Oracle Linux. It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10845</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3050.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="68" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10846</Title>
         <Notes>
           <Note Audience="All" Ordinal="68" Title="Details" Type="Details">This is a vulnerability in gnutls in Oracle Linux. A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of Just [remainder of description truncated in source]. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10846</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3050.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="69" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-9396</Title>
         <Notes>
           <Note Audience="All" Ordinal="69" Title="Details" Type="Details">This is a vulnerability in jasper in Oracle Linux. The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-9396</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3253.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="70" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-1000050</Title>
         <Notes>
           <Note Audience="All" Ordinal="70" Title="Details" Type="Details">This is a vulnerability in jasper in Oracle Linux. JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-1000050</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3253.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="71" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3136</Title>
         <Notes>
           <Note Audience="All" Ordinal="71" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3136</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="72" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3136</Title>
         <Notes>
           <Note Audience="All" Ordinal="72" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3136</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="73" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3139</Title>
         <Notes>
           <Note Audience="All" Ordinal="73" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="74" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3139</Title>
         <Notes>
           <Note Audience="All" Ordinal="74" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="75" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3149</Title>
         <Notes>
           <Note Audience="All" Ordinal="75" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3149</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="76" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3149</Title>
         <Notes>
           <Note Audience="All" Ordinal="76" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3149</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="77" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3169</Title>
         <Notes>
           <Note Audience="All" Ordinal="77" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3169</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="78" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3169</Title>
         <Notes>
           <Note Audience="All" Ordinal="78" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3169</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="79" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3180</Title>
         <Notes>
           <Note Audience="All" Ordinal="79" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3180</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="80" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3180</Title>
         <Notes>
           <Note Audience="All" Ordinal="80" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3180</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="81" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3214</Title>
         <Notes>
           <Note Audience="All" Ordinal="81" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3214</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3350.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="82" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3214</Title>
         <Notes>
           <Note Audience="All" Ordinal="82" Title="Details" Type="Details">This is a vulnerability in java-1.7.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3214</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3409.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="83" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3136</Title>
         <Notes>
           <Note Audience="All" Ordinal="83" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3136</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="84" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3136</Title>
         <Notes>
           <Note Audience="All" Ordinal="84" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3136</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="85" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3139</Title>
         <Notes>
           <Note Audience="All" Ordinal="85" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="86" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3139</Title>
         <Notes>
           <Note Audience="All" Ordinal="86" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="87" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3149</Title>
         <Notes>
           <Note Audience="All" Ordinal="87" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3149</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="88" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3149</Title>
         <Notes>
           <Note Audience="All" Ordinal="88" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3149</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="89" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3169</Title>
         <Notes>
           <Note Audience="All" Ordinal="89" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3169</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="90" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3169</Title>
         <Notes>
           <Note Audience="All" Ordinal="90" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3169</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="91" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3180</Title>
         <Notes>
           <Note Audience="All" Ordinal="91" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3180</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="92" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3180</Title>
         <Notes>
           <Note Audience="All" Ordinal="92" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3180</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="93" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3183</Title>
         <Notes>
           <Note Audience="All" Ordinal="93" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3183</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="94" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3183</Title>
         <Notes>
           <Note Audience="All" Ordinal="94" Title="Details" Type="Details">This is a vulnerability in java-1.8.0-openjdk in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.</Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3183</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="95" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3214</Title>
         <Notes>
           <Note Audience="All" Ordinal="95" Title="Details" Type="Details">This is a vulnerability in  java-1.8.0-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3214</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2942.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="96" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3214</Title>
         <Notes>
           <Note Audience="All" Ordinal="96" Title="Details" Type="Details">This is a vulnerability in  java-1.8.0-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3214</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2943.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="97" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3136</Title>
         <Notes>
           <Note Audience="All" Ordinal="97" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3136</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="98" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3139</Title>
         <Notes>
           <Note Audience="All" Ordinal="98" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="99" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3149</Title>
         <Notes>
           <Note Audience="All" Ordinal="99" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3149</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="100" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3150</Title>
         <Notes>
           <Note Audience="All" Ordinal="100" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3150</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="101" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3169</Title>
         <Notes>
           <Note Audience="All" Ordinal="101" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3169</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="102" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3180</Title>
         <Notes>
           <Note Audience="All" Ordinal="102" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3180</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="103" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3183</Title>
         <Notes>
           <Note Audience="All" Ordinal="103" Title="Details" Type="Details">This is a vulnerability in  java-11-openjdk  in Oracle Linux. Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3183</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3521.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="104" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14634</Title>
         <Notes>
           <Note Audience="All" Ordinal="104" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14634</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2748.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="105" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14634</Title>
         <Notes>
           <Note Audience="All" Ordinal="105" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14634</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2846.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="106" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5391</Title>
         <Notes>
           <Note Audience="All" Ordinal="106" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5391</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2846.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="107" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2015-8830</Title>
         <Notes>
           <Note Audience="All" Ordinal="107" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2015-8830</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="108" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-4913</Title>
         <Notes>
           <Note Audience="All" Ordinal="108" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-4913</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="109" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-0861</Title>
         <Notes>
           <Note Audience="All" Ordinal="109" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-0861</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="110" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-10661</Title>
         <Notes>
           <Note Audience="All" Ordinal="110" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-10661</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="111" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17805</Title>
         <Notes>
           <Note Audience="All" Ordinal="111" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="112" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18208</Title>
         <Notes>
           <Note Audience="All" Ordinal="112" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18208</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="113" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18232</Title>
         <Notes>
           <Note Audience="All" Ordinal="113" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18232</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="114" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18344</Title>
         <Notes>
           <Note Audience="All" Ordinal="114" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent-&gt;sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/&lt;pid&gt;/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18344</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="115" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000026</Title>
         <Notes>
           <Note Audience="All" Ordinal="115" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable by an attacker passing a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000026</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="116" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10322</Title>
         <Notes>
           <Note Audience="All" Ordinal="116" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10322</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="117" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10878</Title>
         <Notes>
           <Note Audience="All" Ordinal="117" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10878</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="118" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10879</Title>
         <Notes>
           <Note Audience="All" Ordinal="118" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10879</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="119" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10881</Title>
         <Notes>
           <Note Audience="All" Ordinal="119" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10881</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="120" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10883</Title>
         <Notes>
           <Note Audience="All" Ordinal="120" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10883</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="121" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10902</Title>
         <Notes>
           <Note Audience="All" Ordinal="121" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10902</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="122" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1092</Title>
         <Notes>
           <Note Audience="All" Ordinal="122" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1092</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="123" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1094</Title>
         <Notes>
           <Note Audience="All" Ordinal="123" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1094</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="124" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10940</Title>
         <Notes>
           <Note Audience="All" Ordinal="124" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10940</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="125" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1118</Title>
         <Notes>
           <Note Audience="All" Ordinal="125" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1118</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="126" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1120</Title>
         <Notes>
           <Note Audience="All" Ordinal="126" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/&lt;pid&gt;/cmdline (or /proc/&lt;pid&gt;/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1120</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="127" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1130</Title>
         <Notes>
           <Note Audience="All" Ordinal="127" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1130</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="128" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-13405</Title>
         <Notes>
           <Note Audience="All" Ordinal="128" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-13405</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="129" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14633</Title>
         <Notes>
           <Note Audience="All" Ordinal="129" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14633</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3651.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="130" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14646</Title>
         <Notes>
           <Note Audience="All" Ordinal="130" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14646</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3651.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="131" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5344</Title>
         <Notes>
           <Note Audience="All" Ordinal="131" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5344</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="132" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5391</Title>
         <Notes>
           <Note Audience="All" Ordinal="132" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5391</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="133" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5803</Title>
         <Notes>
           <Note Audience="All" Ordinal="133" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5803</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="134" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5848</Title>
         <Notes>
           <Note Audience="All" Ordinal="134" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5848</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="135" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7740</Title>
         <Notes>
           <Note Audience="All" Ordinal="135" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7740</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="136" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7757</Title>
         <Notes>
           <Note Audience="All" Ordinal="136" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7757</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="137" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-8781</Title>
         <Notes>
           <Note Audience="All" Ordinal="137" Title="Details" Type="Details">This is a vulnerability in  kernel  in Oracle Linux. The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-8781</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3083.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="138" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5729</Title>
         <Notes>
           <Note Audience="All" Ordinal="138" Title="Details" Type="Details">This is a vulnerability in  krb5  in Oracle Linux. MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5729</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3071.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="139" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5730</Title>
         <Notes>
           <Note Audience="All" Ordinal="139" Title="Details" Type="Details">This is a vulnerability in  krb5  in Oracle Linux. MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a linkdn and containerdn database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5730</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3071.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="140" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18198</Title>
         <Notes>
           <Note Audience="All" Ordinal="140" Title="Details" Type="Details">This is a vulnerability in  libcdio  in Oracle Linux. print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18198</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3246.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="141" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18199</Title>
         <Notes>
           <Note Audience="All" Ordinal="141" Title="Details" Type="Details">This is a vulnerability in  libcdio  in Oracle Linux. realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18199</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3246.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="142" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18201</Title>
         <Notes>
           <Note Audience="All" Ordinal="142" Title="Details" Type="Details">This is a vulnerability in  libcdio  in Oracle Linux. An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18201</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3246.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="143" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5800</Title>
         <Notes>
           <Note Audience="All" Ordinal="143" Title="Details" Type="Details">This is a vulnerability in  libkdcraw  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5800</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3065.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="144" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5801</Title>
         <Notes>
           <Note Audience="All" Ordinal="144" Title="Details" Type="Details">This is a vulnerability in  libkdcraw  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5801</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3065.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="145" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5802</Title>
         <Notes>
           <Note Audience="All" Ordinal="145" Title="Details" Type="Details">This is a vulnerability in  libkdcraw  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5802</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3065.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="146" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5805</Title>
         <Notes>
           <Note Audience="All" Ordinal="146" Title="Details" Type="Details">This is a vulnerability in  libkdcraw  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3065.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="147" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5806</Title>
         <Notes>
           <Note Audience="All" Ordinal="147" Title="Details" Type="Details">This is a vulnerability in  libkdcraw  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3065.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="148" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14679</Title>
         <Notes>
           <Note Audience="All" Ordinal="148" Title="Details" Type="Details">This is a vulnerability in  libmspack  in Oracle Linux. An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14679</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3327.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="149" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14680</Title>
         <Notes>
           <Note Audience="All" Ordinal="149" Title="Details" Type="Details">This is a vulnerability in  libmspack  in Oracle Linux. An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14680</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3327.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="150" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14681</Title>
         <Notes>
           <Note Audience="All" Ordinal="150" Title="Details" Type="Details">This is a vulnerability in  libmspack  in Oracle Linux. An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14681</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3327.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="151" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14682</Title>
         <Notes>
           <Note Audience="All" Ordinal="151" Title="Details" Type="Details">This is a vulnerability in  libmspack  in Oracle Linux. An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14682</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3327.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="152" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-6764</Title>
         <Notes>
           <Note Audience="All" Ordinal="152" Title="Details" Type="Details">This is a vulnerability in  libvirt  in Oracle Linux. util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-6764</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3113.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="153" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2011-2767</Title>
         <Notes>
           <Note Audience="All" Ordinal="153" Title="Details" Type="Details">This is a vulnerability in  mod_perl  in Oracle Linux. mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2011-2767</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2737.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="154" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12384</Title>
         <Notes>
           <Note Audience="All" Ordinal="154" Title="Details" Type="Details">This is a vulnerability in  nss  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12384</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2768.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="155" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12384</Title>
         <Notes>
           <Note Audience="All" Ordinal="155" Title="Details" Type="Details">This is a vulnerability in  nss  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12384</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2898.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="156" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0732</Title>
         <Notes>
           <Note Audience="All" Ordinal="156" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0732</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4248.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="157" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0732</Title>
         <Notes>
           <Note Audience="All" Ordinal="157" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0732</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4249.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="158" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0737</Title>
         <Notes>
           <Note Audience="All" Ordinal="158" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0737</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4248.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="159" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0737</Title>
         <Notes>
           <Note Audience="All" Ordinal="159" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0737</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4249.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="160" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0739</Title>
         <Notes>
           <Note Audience="All" Ordinal="160" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0739</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4228.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="161" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-3735</Title>
         <Notes>
           <Note Audience="All" Ordinal="161" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-3735</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3221.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="162" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0495</Title>
         <Notes>
           <Note Audience="All" Ordinal="162" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0495</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3221.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="163" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0732</Title>
         <Notes>
           <Note Audience="All" Ordinal="163" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0732</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3221.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="164" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0737</Title>
         <Notes>
           <Note Audience="All" Ordinal="164" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0737</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3221.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="165" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0739</Title>
         <Notes>
           <Note Audience="All" Ordinal="165" Title="Details" Type="Details">This is a vulnerability in  openssl  in Oracle Linux. Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0739</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3221.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="166" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0739</Title>
         <Notes>
           <Note Audience="All" Ordinal="166" Title="Details" Type="Details">This is a vulnerability in  ovmf  in Oracle Linux. Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0739</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3090.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="167" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1060</Title>
         <Notes>
           <Note Audience="All" Ordinal="167" Title="Details" Type="Details">This is a vulnerability in  python  in Oracle Linux. python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1060</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3041.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="168" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1061</Title>
         <Notes>
           <Note Audience="All" Ordinal="168" Title="Details" Type="Details">This is a vulnerability in  python  in Oracle Linux. python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1061</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3041.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="169" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000805</Title>
         <Notes>
           <Note Audience="All" Ordinal="169" Title="Details" Type="Details">This is a vulnerability in  python-paramiko  in Oracle Linux. Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3347.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="170" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000805</Title>
         <Notes>
           <Note Audience="All" Ordinal="170" Title="Details" Type="Details">This is a vulnerability in  python-paramiko  in Oracle Linux. Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3406.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="171" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-10806</Title>
         <Notes>
           <Note Audience="All" Ordinal="171" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-10806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="172" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-10806</Title>
         <Notes>
           <Note Audience="All" Ordinal="172" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messages. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-10806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="173" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-11334</Title>
         <Notes>
           <Note Audience="All" Ordinal="173" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-11334</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="174" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-11334</Title>
         <Notes>
           <Note Audience="All" Ordinal="174" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-11334</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="175" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-12809</Title>
         <Notes>
           <Note Audience="All" Ordinal="175" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-12809</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="176" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-12809</Title>
         <Notes>
           <Note Audience="All" Ordinal="176" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-12809</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="177" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-1367</Title>
         <Notes>
           <!-- NOTE(review): the description below is about an IBM product, not qemu, so the CVE ID recorded for this entry may be mistyped; confirm against the ELSA advisory linked in this entry's Remediation before triaging. -->
           <Note Audience="All" Ordinal="177" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-1367</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="178" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13672</Title>
         <Notes>
           <Note Audience="All" Ordinal="178" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13672</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="179" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13672</Title>
         <Notes>
           <Note Audience="All" Ordinal="179" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13672</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="180" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13673</Title>
         <Notes>
           <Note Audience="All" Ordinal="180" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The vga display update mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used, causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13673</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="181" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13711</Title>
         <Notes>
           <Note Audience="All" Ordinal="181" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13711</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="182" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13711</Title>
         <Notes>
           <Note Audience="All" Ordinal="182" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13711</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="183" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-14167</Title>
         <Notes>
           <Note Audience="All" Ordinal="183" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-14167</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="184" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-14167</Title>
         <Notes>
           <Note Audience="All" Ordinal="184" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Integer overflow in the load_multiboot function in hw/i386/multiboot.c in QEMU (aka Quick Emulator) allows local guest OS users to execute arbitrary code on the host via crafted multiboot header address values, which trigger an out-of-bounds write. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-14167</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="185" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15038</Title>
         <Notes>
           <Note Audience="All" Ordinal="185" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15038</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="186" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15038</Title>
         <Notes>
           <Note Audience="All" Ordinal="186" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS users to obtain sensitive information from host heap memory via vectors related to reading extended attributes. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15038</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="187" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15119</Title>
         <Notes>
           <Note Audience="All" Ordinal="187" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15119</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="188" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15119</Title>
         <Notes>
           <Note Audience="All" Ordinal="188" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15119</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="189" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15124</Title>
         <Notes>
           <Note Audience="All" Ordinal="189" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15124</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="190" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15124</Title>
         <Notes>
           <Note Audience="All" Ordinal="190" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15124</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="191" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15268</Title>
         <Notes>
           <Note Audience="All" Ordinal="191" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15268</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="192" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15268</Title>
         <Notes>
           <Note Audience="All" Ordinal="192" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15268</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="193" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15289</Title>
         <Notes>
           <Note Audience="All" Ordinal="193" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15289</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="194" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15289</Title>
         <Notes>
           <Note Audience="All" Ordinal="194" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow local OS guest privileged users to cause a denial of service (out-of-bounds write access and Qemu process crash) via vectors related to dst calculation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15289</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="195" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16845</Title>
         <Notes>
           <Note Audience="All" Ordinal="195" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16845</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="196" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16845</Title>
         <Notes>
           <Note Audience="All" Ordinal="196" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16845</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="197" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17381</Title>
         <Notes>
           <Note Audience="All" Ordinal="197" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17381</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="198" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17381</Title>
         <Notes>
           <Note Audience="All" Ordinal="198" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17381</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="199" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18030</Title>
         <Notes>
           <Note Audience="All" Ordinal="199" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18030</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="200" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18030</Title>
         <Notes>
           <Note Audience="All" Ordinal="200" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18030</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="201" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18043</Title>
         <Notes>
           <Note Audience="All" Ordinal="201" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="202" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18043</Title>
         <Notes>
           <Note Audience="All" Ordinal="202" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) allows a user to cause a denial of service (Qemu process crash). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="203" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2630</Title>
         <Notes>
           <Note Audience="All" Ordinal="203" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2630</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="204" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2630</Title>
         <Notes>
           <Note Audience="All" Ordinal="204" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. A stack buffer overflow flaw was found in the Quick Emulator (QEMU) before 2.9 built with the Network Block Device (NBD) client support. The flaw could occur while processing server's response to a 'NBD_OPT_LIST' request. A malicious NBD server could use this issue to crash a remote NBD client resulting in DoS or potentially execute arbitrary code on client host with privileges of the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2630</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="205" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2633</Title>
         <Notes>
           <Note Audience="All" Ordinal="205" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2633</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="206" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-2633</Title>
         <Notes>
           <Note Audience="All" Ordinal="206" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-2633</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="207" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5715</Title>
         <Notes>
           <Note Audience="All" Ordinal="207" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5715</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="208" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5715</Title>
         <Notes>
           <Note Audience="All" Ordinal="208" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5715</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="209" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5753</Title>
         <Notes>
           <Note Audience="All" Ordinal="209" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5753</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="210" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5753</Title>
         <Notes>
           <Note Audience="All" Ordinal="210" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5753</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="211" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5754</Title>
         <Notes>
           <Note Audience="All" Ordinal="211" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5754</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="212" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-5754</Title>
         <Notes>
           <Note Audience="All" Ordinal="212" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-5754</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="213" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7471</Title>
         <Notes>
           <Note Audience="All" Ordinal="213" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7471</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="214" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7471</Title>
         <Notes>
           <Note Audience="All" Ordinal="214" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalate their privileges on a host. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7471</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="215" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7493</Title>
         <Notes>
           <Note Audience="All" Ordinal="215" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="216" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7493</Title>
         <Notes>
           <Note Audience="All" Ordinal="216" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7493</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="217" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8112</Title>
         <Notes>
           <Note Audience="All" Ordinal="217" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8112</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="218" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8112</Title>
         <Notes>
           <Note Audience="All" Ordinal="218" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8112</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="219" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8309</Title>
         <Notes>
           <Note Audience="All" Ordinal="219" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8309</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="220" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8309</Title>
         <Notes>
           <Note Audience="All" Ordinal="220" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8309</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="221" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8379</Title>
         <Notes>
           <Note Audience="All" Ordinal="221" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="222" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8379</Title>
         <Notes>
           <Note Audience="All" Ordinal="222" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="223" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8380</Title>
         <Notes>
           <Note Audience="All" Ordinal="223" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Buffer overflow in the megasas_mmio_write function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8380</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="224" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-8380</Title>
         <Notes>
           <Note Audience="All" Ordinal="224" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Buffer overflow in the megasas_mmio_write function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-8380</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="225" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-9503</Title>
         <Notes>
           <Note Audience="All" Ordinal="225" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-9503</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="226" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-9503</Title>
         <Notes>
           <Note Audience="All" Ordinal="226" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-9503</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="227" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10839</Title>
         <Notes>
           <Note Audience="All" Ordinal="227" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu emulator &lt;= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10839</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="228" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11806</Title>
         <Notes>
           <Note Audience="All" Ordinal="228" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="229" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11806</Title>
         <Notes>
           <Note Audience="All" Ordinal="229" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="230" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12617</Title>
         <Notes>
           <Note Audience="All" Ordinal="230" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12617</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="231" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12617</Title>
         <Notes>
           <Note Audience="All" Ordinal="231" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12617</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="232" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15746</Title>
         <Notes>
           <Note Audience="All" Ordinal="232" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15746</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="233" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17958</Title>
         <Notes>
           <Note Audience="All" Ordinal="233" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17958</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="234" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17962</Title>
         <Notes>
           <Note Audience="All" Ordinal="234" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17962</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="235" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17963</Title>
         <Notes>
           <Note Audience="All" Ordinal="235" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17963</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="236" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3639</Title>
         <Notes>
           <Note Audience="All" Ordinal="236" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3639</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="237" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-3639</Title>
         <Notes>
           <Note Audience="All" Ordinal="237" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-3639</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="238" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5683</Title>
         <Notes>
           <Note Audience="All" Ordinal="238" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5683</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="239" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5683</Title>
         <Notes>
           <Note Audience="All" Ordinal="239" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5683</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="240" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7550</Title>
         <Notes>
           <Note Audience="All" Ordinal="240" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7550</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="241" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7550</Title>
         <Notes>
           <Note Audience="All" Ordinal="241" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7550</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="242" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7858</Title>
         <Notes>
           <Note Audience="All" Ordinal="242" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7858</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4285.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="243" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7858</Title>
         <Notes>
           <Note Audience="All" Ordinal="243" Title="Details" Type="Details">This is a vulnerability in  qemu  in Oracle Linux. Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7858</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4289.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="244" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16395</Title>
         <Notes>
           <Note Audience="All" Ordinal="244" Title="Details" Type="Details">This is a vulnerability in  ruby  in Oracle Linux. An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16395</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3738.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="245" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1050</Title>
         <Notes>
           <Note Audience="All" Ordinal="245" Title="Details" Type="Details">This is a vulnerability in samba in Oracle Linux. All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1050</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3056.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="246" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10858</Title>
         <Notes>
           <Note Audience="All" Ordinal="246" Title="Details" Type="Details">This is a vulnerability in samba in Oracle Linux. A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10858</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3056.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="247" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1139</Title>
         <Notes>
           <Note Audience="All" Ordinal="247" Title="Details" Type="Details">This is a vulnerability in samba in Oracle Linux. A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1139</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3056.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="248" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1113</Title>
         <Notes>
           <Note Audience="All" Ordinal="248" Title="Details" Type="Details">This is a vulnerability in setup in Oracle Linux. setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1113</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3249.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="249" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14650</Title>
         <Notes>
           <Note Audience="All" Ordinal="249" Title="Details" Type="Details">This is a vulnerability in sos-collector in Oracle Linux. It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14650</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3663.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="250" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-15705</Title>
         <Notes>
           <Note Audience="All" Ordinal="250" Title="Details" Type="Details">This is a vulnerability in spamassassin in Oracle Linux. A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the open event is immediately followed by a close event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the text event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-15705</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2916.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="251" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-11781</Title>
         <Notes>
           <Note Audience="All" Ordinal="251" Title="Details" Type="Details">This is a vulnerability in spamassassin in Oracle Linux. Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-11781</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2916.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="252" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10873</Title>
         <Notes>
           <Note Audience="All" Ordinal="252" Title="Details" Type="Details">This is a vulnerability in spice and spice-gtk in Oracle Linux. A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10873</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2731.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="253" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10873</Title>
         <Notes>
           <Note Audience="All" Ordinal="253" Title="Details" Type="Details">This is a vulnerability in spice-gtk and spice-server in Oracle Linux. A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10873</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2732.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="254" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-7506</Title>
         <Notes>
           <Note Audience="All" Ordinal="254" Title="Details" Type="Details">This is a vulnerability in spice-server in Oracle Linux. spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-7506</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3522.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="255" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10852</Title>
         <Notes>
           <Note Audience="All" Ordinal="255" Title="Details" Type="Details">This is a vulnerability in sssd in Oracle Linux. The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10852</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3158.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="256" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16541</Title>
         <Notes>
           <Note Audience="All" Ordinal="256" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16541</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="257" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-16541</Title>
         <Notes>
           <Note Audience="All" Ordinal="257" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-16541</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="258" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12376</Title>
         <Notes>
           <Note Audience="All" Ordinal="258" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12376</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="259" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12376</Title>
         <Notes>
           <Note Audience="All" Ordinal="259" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12376</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="260" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12377</Title>
         <Notes>
           <Note Audience="All" Ordinal="260" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12377</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="261" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12377</Title>
         <Notes>
           <Note Audience="All" Ordinal="261" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12377</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="262" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12378</Title>
         <Notes>
           <Note Audience="All" Ordinal="262" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12378</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="263" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12378</Title>
         <Notes>
           <Note Audience="All" Ordinal="263" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12378</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="264" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12379</Title>
         <Notes>
           <Note Audience="All" Ordinal="264" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="265" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12379</Title>
         <Notes>
           <Note Audience="All" Ordinal="265" Title="Details" Type="Details">This is a vulnerability in thunderbird in Oracle Linux. When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12379</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="266" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12383</Title>
         <Notes>
           <Note Audience="All" Ordinal="266" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2.1, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12383</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="267" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12383</Title>
         <Notes>
           <Note Audience="All" Ordinal="267" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox &lt; 62, Firefox ESR &lt; 60.2.1, and Thunderbird &lt; 60.2.1. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12383</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="268" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12385</Title>
         <Notes>
           <Note Audience="All" Ordinal="268" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird &lt; 60.2.1, Firefox ESR &lt; 60.2.1, and Firefox &lt; 62.0.2. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12385</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3403.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="269" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12385</Title>
         <Notes>
           <Note Audience="All" Ordinal="269" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird &lt; 60.2.1, Firefox ESR &lt; 60.2.1, and Firefox &lt; 62.0.2. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12385</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3458.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="270" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12389</Title>
         <Notes>
           <Note Audience="All" Ordinal="270" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12389</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="271" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12389</Title>
         <Notes>
           <Note Audience="All" Ordinal="271" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12389</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3532.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="272" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12390</Title>
         <Notes>
           <Note Audience="All" Ordinal="272" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12390</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="273" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12390</Title>
         <Notes>
           <Note Audience="All" Ordinal="273" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12390</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3532.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="274" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12392</Title>
         <Notes>
           <Note Audience="All" Ordinal="274" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12392</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="275" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12392</Title>
         <Notes>
           <Note Audience="All" Ordinal="275" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12392</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3532.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="276" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12393</Title>
         <Notes>
           <Note Audience="All" Ordinal="276" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12393</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3531.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="277" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12393</Title>
         <Notes>
           <Note Audience="All" Ordinal="277" Title="Details" Type="Details">This is a vulnerability in  thunderbird  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12393</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3532.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="278" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1336</Title>
         <Notes>
           <Note Audience="All" Ordinal="278" Title="Details" Type="Details">This is a vulnerability in  tomcat  in Oracle Linux. An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1336</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-2921.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="279" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-0494</Title>
         <Notes>
           <Note Audience="All" Ordinal="279" Title="Details" Type="Details">This is a vulnerability in  wget  in Oracle Linux. GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \r\n sequence in a continuation line. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-0494</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3052.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="280" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14526</Title>
         <Notes>
           <Note Audience="All" Ordinal="280" Title="Details" Type="Details">This is a vulnerability in  wpa_supplicant  in Oracle Linux. An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14526</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3107.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="281" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-4463</Title>
         <Notes>
           <Note Audience="All" Ordinal="281" Title="Details" Type="Details">This is a vulnerability in  xerces-c  in Oracle Linux. Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-4463</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3335.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="282" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14665</Title>
         <Notes>
           <Note Audience="All" Ordinal="282" Title="Details" Type="Details">This is a vulnerability in  xorg-x11-server  in Oracle Linux. A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14665</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3410.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="283" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2014-10071</Title>
         <Notes>
           <Note Audience="All" Ordinal="283" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the "&gt;&amp; fd" syntax. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2014-10071</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="284" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2014-10072</Title>
         <Notes>
           <Note Audience="All" Ordinal="284" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2014-10072</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="285" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18205</Title>
         <Notes>
           <Note Audience="All" Ordinal="285" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18205</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="286" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-18206</Title>
         <Notes>
           <Note Audience="All" Ordinal="286" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-18206</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="287" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1071</Title>
         <Notes>
           <Note Audience="All" Ordinal="287" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1071</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="288" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1083</Title>
         <Notes>
           <Note Audience="All" Ordinal="288" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1083</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="289" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1100</Title>
         <Notes>
           <Note Audience="All" Ordinal="289" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1100</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="290" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7549</Title>
         <Notes>
           <Note Audience="All" Ordinal="290" Title="Details" Type="Details">This is a vulnerability in  zsh  in Oracle Linux. In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7549</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3073.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="291" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7725</Title>
         <Notes>
           <Note Audience="All" Ordinal="291" Title="Details" Type="Details">This is a vulnerability in  zziplib  in Oracle Linux. An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7725</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="292" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7726</Title>
         <Notes>
           <Note Audience="All" Ordinal="292" Title="Details" Type="Details">This is a vulnerability in  zziplib  in Oracle Linux. An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7726</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="293" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7727</Title>
         <Notes>
           <Note Audience="All" Ordinal="293" Title="Details" Type="Details">This is a vulnerability in  zziplib  in Oracle Linux. An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7727</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-3229.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="294" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2014-7970</Title>
         <Notes>
           <Note Audience="All" Ordinal="294" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2014-7970</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="295" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2014-9728</Title>
         <Notes>
           <Note Audience="All" Ordinal="295" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2014-9728</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="296" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2016-3713</Title>
         <Notes>
           <Note Audience="All" Ordinal="296" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2016-3713</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="297" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13168</Title>
         <Notes>
           <Note Audience="All" Ordinal="297" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13168</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4265.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="298" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13168</Title>
         <Notes>
           <Note Audience="All" Ordinal="298" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13168</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="299" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13695</Title>
         <Notes>
           <Note Audience="All" Ordinal="299" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13695</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="300" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-13695</Title>
         <Notes>
           <Note Audience="All" Ordinal="300" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-13695</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4250.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="301" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17805</Title>
         <Notes>
           <Note Audience="All" Ordinal="301" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="302" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17805</Title>
         <Notes>
           <Note Audience="All" Ordinal="302" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17805</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="303" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17806</Title>
         <Notes>
           <Note Audience="All" Ordinal="303" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="304" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2017-17806</Title>
         <Notes>
           <Note Audience="All" Ordinal="304" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2017-17806</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="305" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000004</Title>
         <Notes>
           <Note Audience="All" Ordinal="305" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000004</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4307.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="306" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000204</Title>
         <Notes>
           <Note Audience="All" Ordinal="306" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000204</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4288.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="307" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-1000204</Title>
         <Notes>
           <Note Audience="All" Ordinal="307" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-1000204</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="308" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10322</Title>
         <Notes>
           <Note Audience="All" Ordinal="308" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10322</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4304.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="309" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-10902</Title>
         <Notes>
           <Note Audience="All" Ordinal="309" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-10902</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="310" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-12896</Title>
         <Notes>
           <Note Audience="All" Ordinal="310" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-12896</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="311" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-13094</Title>
         <Notes>
           <Note Audience="All" Ordinal="311" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-13094</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="312" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14610</Title>
         <Notes>
           <Note Audience="All" Ordinal="312" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14610</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="313" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14611</Title>
         <Notes>
           <Note Audience="All" Ordinal="313" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14611</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="314" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14634</Title>
         <Notes>
           <Note Audience="All" Ordinal="314" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14634</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4234.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="315" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14678</Title>
         <Notes>
           <Note Audience="All" Ordinal="315" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14678</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="316" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14734</Title>
         <Notes>
           <Note Audience="All" Ordinal="316" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14734</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4261.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="317" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-14734</Title>
         <Notes>
           <Note Audience="All" Ordinal="317" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-14734</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="318" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15572</Title>
         <Notes>
           <Note Audience="All" Ordinal="318" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15572</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4261.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="319" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-15572</Title>
         <Notes>
           <Note Audience="All" Ordinal="319" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-15572</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="320" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16658</Title>
         <Notes>
           <Note Audience="All" Ordinal="320" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16658</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="321" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-16658</Title>
         <Notes>
           <Note Audience="All" Ordinal="321" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-16658</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4250.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="322" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-17182</Title>
         <Notes>
           <Note Audience="All" Ordinal="322" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-17182</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="323" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18021</Title>
         <Notes>
           <Note Audience="All" Ordinal="323" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attacker can arbitrarily redirect the hypervisor flow of control (with full register control). An attacker can also cause a denial of service (hypervisor panic) via an illegal exception return. This occurs because of insufficient restrictions on userspace access to the core register file, and because PSTATE.M validation does not prevent unintended execution modes. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18021</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4270.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="324" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18386</Title>
         <Notes>
           <Note Audience="All" Ordinal="324" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18386</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4307.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="325" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18690</Title>
         <Notes>
           <Note Audience="All" Ordinal="325" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18690</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="326" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18710</Title>
         <Notes>
           <Note Audience="All" Ordinal="326" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18710</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4288.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="327" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18710</Title>
         <Notes>
           <Note Audience="All" Ordinal="327" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18710</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="328" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-18710</Title>
         <Notes>
           <Note Audience="All" Ordinal="328" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-18710</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4304.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="329" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-5848</Title>
         <Notes>
           <Note Audience="All" Ordinal="329" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-5848</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4304.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="330" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7492</Title>
         <Notes>
           <Note Audience="All" Ordinal="330" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel  in Oracle Linux. A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4242.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="331" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7492</Title>
         <Notes>
           <Note Audience="All" Ordinal="331" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7492</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4250.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="332" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7566</Title>
         <Notes>
           <Note Audience="All" Ordinal="332" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7566</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4250.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="333" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7566</Title>
         <Notes>
           <Note Audience="All" Ordinal="333" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7566</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="334" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7755</Title>
         <Notes>
           <Note Audience="All" Ordinal="334" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7755</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4299.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="335" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7755</Title>
         <Notes>
           <Note Audience="All" Ordinal="335" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7755</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4301.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="336" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7755</Title>
         <Notes>
           <Note Audience="All" Ordinal="336" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7755</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4304.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="337" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7757</Title>
         <Notes>
           <Note Audience="All" Ordinal="337" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7757</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4265.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="338" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-7757</Title>
         <Notes>
           <Note Audience="All" Ordinal="338" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-7757</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4269.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="339" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-8043</Title>
         <Notes>
           <Note Audience="All" Ordinal="339" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-8043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-7</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4304.html</URL>
                  <ProductID>P-1309V-7</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
<Vulnerability Ordinal="340" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
        <Title>CVE-2018-8043</Title>
         <Notes>
           <Note Audience="All" Ordinal="340" Title="Details" Type="Details">This is a vulnerability in Unbreakable Enterprise kernel in Oracle Linux. The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). CVSS Base Score: Undefined.           </Note>
         </Notes>
         <Involvements>
           <Involvement Party="Vendor" Status="Completed">
               <Description>Fix has been released</Description>
           </Involvement>
         </Involvements>
         <CVE>CVE-2018-8043</CVE>
         <ProductStatuses>
           <Status Type="Known Affected">
               <ProductID>P-1309V-6</ProductID>
           </Status>
         </ProductStatuses>
         <Remediations>
           <Remediation Type="Vendor Fix">
               <Description>Oracle Linux Security Advisory</Description>
                  <Entitlement xml:lang="en">Oracle Linux customers</Entitlement>
                  <URL>http://linux.oracle.com/errata/ELSA-2018-4307.html</URL>
                  <ProductID>P-1309V-6</ProductID>
           </Remediation>
         </Remediations>
</Vulnerability>
</cvrf:cvrfdoc>