CVE-2018-12896
https://notcve.org/view.php?id=CVE-2018-12896
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls. • https://bugzilla.kernel.org/show_bug.cgi?id=200189 https://github.com/lcytxw/bug_repro/tree/master/bug_200189 https://github.com/torvalds/linux/commit/78c9c4dfbf8c04883941445a195276bb4bb92c76 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://usn.ubuntu.com/3847-1 https://usn.ubuntu.com/3847-2 https://usn.ubuntu.com/3847- • CWE-190: Integer Overflow or Wraparound •
CVE-2018-13053 – kernel: Integer overflow in the alarm_timer_nsleep function
https://notcve.org/view.php?id=CVE-2018-13053
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. La función alarm_timer_nsleep en kernel/time/alarmtimer.c en el kernel de Linux hasta la versión 4.17.3 tiene un desbordamiento de enteros a través de un tiempo de espera relativo grande porque no se utiliza ktime_add_safe. A flaw was found in the alarm_timer_nsleep() function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe() function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout. • http://www.securityfocus.com/bid/104671 https://access.redhat.com/errata/RHSA-2019:0831 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://bugzilla.kernel.org/show_bug.cgi?id=200303 https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=5f936e19cc0ef97dbe3a56e9498922ad5ba1edef https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https • CWE-190: Integer Overflow or Wraparound •
CVE-2018-10860
https://notcve.org/view.php?id=CVE-2018-10860
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter. perl-archive-zip es vulnerable a salto de directorio en Archive::Zip. Se ha descubierto que el módulo Archivo::Zip no saneaba correctamente las rutas cuando se extraían archivos zip. Un atacante que pueda proporcionar un archivo especialmente manipulado para que se procese podría utilizar esta vulnerabilidad para escribir o sobrescribir archivos arbitrarios en el contexto del intérprete perl. • http://www.securityfocus.com/bid/104580 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860 https://lists.debian.org/debian-lts-announce/2018/07/msg00032.html https://usn.ubuntu.com/3703-1 https://usn.ubuntu.com/3703-2 https://www.debian.org/security/2018/dsa-4300 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-5188 – Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9
https://notcve.org/view.php?id=CVE-2018-5188
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Hay errores de seguridad de memoria en Firefox 60, Firefox ESR 60 y Firefox ESR 52.8. Algunos de estos errores mostraron evidencias de corrupción de memoria y se entiende que, con el suficiente esfuerzo, algunos de estos podrían explotarse para ejecutar código arbitrario. • http://www.securityfocus.com/bid/104555 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2251 https://access.redhat.com/errata/RHSA-2018:2252 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1456189%2C1456975%2C1465898%2C1392739%2C1451297%2C1464063%2C1437842%2C1442722%2C1452576%2C1450688%2C1458264%2C1458270%2C1465108%2C1464829%2C1464079%2C1463494%2C1458048 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2018-5156 – Mozilla: Media recorder segmentation fault when track type is changed during capture
https://notcve.org/view.php?id=CVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. Puede ocurrir una vulnerabilidad al capturar una transmisión de medios cuando el tipo de origen de medios se cambia al mismo tiempo que se realiza la captura. Esto puede resultar en que los datos de transmisión se envían al tipo erróneo, lo que provoca un cierre inesperado potencialmente explotable. • http://www.securityfocus.com/bid/104560 http://www.securitytracker.com/id/1041193 https://access.redhat.com/errata/RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2113 https://bugzilla.mozilla.org/show_bug.cgi?id=1453127 https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201810-01 https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •