CVE-2018-7568 – binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library
https://notcve.org/view.php?id=CVE-2018-7568
The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm. La función parse_die en dwarf1.c en la biblioteca Binary File Descriptor (BFD), conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, permite que atacantes remotos provoquen una denegación de servicio (desbordamiento de enteros y cierre inesperado de la aplicación) mediante un archivo ELF con información de depuración corrupta, tal y como demuestra nm. An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22894 https://access.redhat.com/security/cve/CVE-2018-7568 https://bugzilla.redhat.com/show_bug.cgi?id=1551771 • CWE-190: Integer Overflow or Wraparound •
CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patrón de URL "" (la cadena vacía) que mapea exactamente al root de contexto no se gestionó correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definición de limitación de seguridad. • https://github.com/knqyf263/CVE-2018-1304 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103170 http://www.securitytracker.com/id/1040427 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redha • CWE-284: Improper Access Control •
CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. En params.c en zsh, hasta la versión 5.4.2, hay un cierre inesperado durante la copia de una tabla de hashes vacía, tal y como demuestra typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. • https://access.redhat.com/errata/RHSA-2018:3073 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd https://usn.ubuntu.com/3593-1 https://access.redhat.com/security/cve/CVE-2018-7549 https://bugzilla.redhat.com/show_bug.cgi?id=1549858 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
https://notcve.org/view.php?id=CVE-2018-6764
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un módulo NSS manipulado. • http://www.ubuntu.com/usn/USN-3576-1 https://access.redhat.com/errata/RHSA-2018:3113 https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html https://access.redhat.com/security/cve/CVE-2018-6764 https://bugzilla.redhat.com/show_bug.cgi?id=1541444 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •
CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 https://access.redhat.com/errata/RHSA-2018:0334 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html https://crbug.com/806388 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6056 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 • CWE-704: Incorrect Type Conversion or Cast •