Canonical Ubuntu Linux 17.04

When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string.

Published: 2018-01-06T16:00:00.000Z
Updated: 2024-08-05T05:26:47.168Z

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Published: 2017-06-08T16:00:00.000Z
Updated: 2025-12-03T21:16:39.264Z

LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session.

Published: 2017-05-12T06:54:00.000Z
Updated: 2024-08-05T16:48:22.897Z

The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scripts, as distributed in the Debian postgresql-common package before 181+deb9u1 for PostgreSQL (and other packages related to Debian and Ubuntu), handled symbolic links insecurely, which could result in local denial of service by overwriting arbitrary files.

Published: 2017-11-13T09:00:00.000Z
Updated: 2024-08-05T16:48:21.905Z

git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.

Published: 2017-06-01T16:00:00.000Z
Updated: 2024-08-05T16:34:22.740Z

Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

Published: 2017-07-25T14:00:00.000Z
Updated: 2024-08-05T16:19:29.573Z

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: 2018-01-04T13:00:00.000Z
Updated: 2026-05-28T18:00:56.175Z

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Published: 2018-01-04T13:00:00.000Z
Updated: 2025-05-06T14:59:36.405Z

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Published: 2017-12-01T17:00:00.000Z
Updated: 2024-08-05T20:27:04.328Z

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Published: 2017-12-01T17:00:00.000Z
Updated: 2024-08-05T20:27:04.463Z

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Published: 2017-11-27T22:00:00.000Z
Updated: 2024-08-05T19:50:16.452Z

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

Published: 2017-11-27T22:00:00.000Z
Updated: 2024-08-05T19:34:39.975Z

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.768Z

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.779Z

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.722Z

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.669Z

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.807Z

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:27:40.755Z

Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.

Published: 2018-02-02T14:00:00.000Z
Updated: 2025-11-03T19:25:18.350Z

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.

Published: 2018-02-02T14:00:00.000Z
Updated: 2024-09-16T20:42:06.537Z

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.

Published: 2018-02-02T14:00:00.000Z
Updated: 2024-09-17T00:15:35.899Z

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.

Published: 2017-11-27T10:00:00.000Z
Updated: 2024-08-05T19:20:41.042Z

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Published: 2017-10-02T21:00:00.000Z
Updated: 2024-08-05T19:05:20.078Z

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.471Z

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.354Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.219Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.325Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.560Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.441Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.283Z

Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.231Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.

Published: 2017-10-17T13:00:00.000Z
Updated: 2024-08-05T18:58:12.469Z

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.

Published: 2017-10-17T02:00:00.000Z
Updated: 2024-08-05T18:58:12.291Z

CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."

Published: 2017-08-24T14:00:00.000Z
Updated: 2024-08-05T18:51:06.827Z

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Published: 2016-05-09T10:00:00.000Z
Updated: 2024-08-06T00:32:25.406Z

The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04 before 179ubuntu0.1, and in Ubuntu 17.10 before 184ubuntu1.1 allows local users to gain root privileges via a symlink attack on a logfile in /var/log/postgresql.

Published: 2017-12-05T16:00:00.000Z
Updated: 2024-08-05T22:48:13.668Z