CVE-2018-7549 – zsh: crash on copying empty hash table
https://notcve.org/view.php?id=CVE-2018-7549
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. En params.c en zsh, hasta la versión 5.4.2, hay un cierre inesperado durante la copia de una tabla de hashes vacía, tal y como demuestra typeset -p. A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell. • https://access.redhat.com/errata/RHSA-2018:3073 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd https://usn.ubuntu.com/3593-1 https://access.redhat.com/security/cve/CVE-2018-7549 https://bugzilla.redhat.com/show_bug.cgi?id=1549858 • CWE-20: Improper Input Validation CWE-665: Improper Initialization •
CVE-2018-6764 – libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init
https://notcve.org/view.php?id=CVE-2018-6764
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. util/virlog.c en libvirt no determina correctamente el nombre de host en el arranque del contenedor LXC, lo que permite que usuarios locales invitados del sistema operativo omitan un mecanismo de protección de contenedor planeado y ejecuten comandos arbitrarios mediante un módulo NSS manipulado. • http://www.ubuntu.com/usn/USN-3576-1 https://access.redhat.com/errata/RHSA-2018:3113 https://www.debian.org/security/2018/dsa-4137 https://www.redhat.com/archives/libvir-list/2018-February/msg00239.html https://access.redhat.com/security/cve/CVE-2018-6764 https://bugzilla.redhat.com/show_bug.cgi?id=1541444 • CWE-179: Incorrect Behavior Order: Early Validation CWE-346: Origin Validation Error •
CVE-2018-6056 – chromium-browser: incorrect derived class instantiation in v8
https://notcve.org/view.php?id=CVE-2018-6056
Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior to 64.0.3282.168 allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Una confusión de tipos podría conducir a una escritura fuera de límites en V8 en Google Chrome, en versiones anteriores a la 64.0.3282.168, lo que permite que un atacante remoto ejecute código arbitrario dentro de un sandbox mediante una página HTML manipulada. • http://www.securityfocus.com/bid/103003 https://access.redhat.com/errata/RHSA-2018:0334 https://chromereleases.googleblog.com/2018/02/stable-channel-update-for-desktop_13.html https://crbug.com/806388 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6056 https://bugzilla.redhat.com/show_bug.cgi?id=1545062 • CWE-704: Incorrect Type Conversion or Cast •
CVE-2018-7225 – libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c
https://notcve.org/view.php?id=CVE-2018-7225
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets. Se ha descubierto un problema en LibVNCServer hasta la versión 0.9.11. rfbProcessClientNormalMessage() en rfbserver.c no sanea msg.cct.length, lo que conduce a un acceso a datos no inicializados y potencialmente sensibles o, posiblemente, a otro tipo de impacto sin especificar (por ejemplo, un desbordamiento de enteros) mediante paquetes VNC especialmente manipulados. • http://www.openwall.com/lists/oss-security/2018/02/18/1 http://www.securityfocus.com/bid/103107 https://access.redhat.com/errata/RHSA-2018:1055 https://github.com/LibVNC/libvncserver/issues/218 https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html https://se • CWE-190: Integer Overflow or Wraparound CWE-805: Buffer Access with Incorrect Length Value •
CVE-2018-7208 – binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file
https://notcve.org/view.php?id=CVE-2018-7208
In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object. En la función coff_pointerize_aux en coffgen.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.30, no se valida un índice. Esto permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación) o que pueda provocar otro tipo de impacto sin especificar mediante un archivo manipulado, tal y como demuestra un objcopy de un objeto COFF. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html http://www.securityfocus.com/bid/103077 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3032 https://security.gentoo.org/glsa/201811-17 https://sourceware.org/bugzilla/show_bug.cgi?id=22741 https://access.redhat.com/security/cve/CVE-2018-7208 https://bugzilla.redhat.com/show_bug.cgi?id=15 • CWE-20: Improper Input Validation •