Lucene search

K
cloudlinuxCloudLinuxCLSA-2021:1639670534
HistoryDec 16, 2021 - 4:02 p.m.

Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489

2021-12-1616:02:14
repo.cloudlinux.com
42

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • CVE-2018-6323: Fix unsigned integer overflow
  • CVE-2018-19931: Fix heap-based buffer overflow in bfd_elf32_swap_phdr_in
  • CVE-2018-6543: Fix integer overflow
  • CVE-2018-20671: Fix integer overflow vulnerability
  • CVE-2018-6759: Fix segmentation fault
  • CVE-2018-7208: Fix segmentation fault
  • CVE-2018-7568: Fix integer overflow
  • CVE-2018-7569: Fix integer underflow or overflow
  • CVE-2018-7642: Fix aout_32_swap_std_reloc_out NULL pointer dereference
  • CVE-2018-7643: Fix integer overflow
  • CVE-2018-8945: Fix segmentation fault
  • CVE-2018-13033: Fix excessive memory allocation
  • CVE-2018-10373: Fix NULL pointer dereference
  • CVE-2018-10535: Fix NULL pointer dereference
  • CVE-2018-18309: Fix invalid memory address dereference
  • CVE-2018-18605: Fix mishandles section merges
  • CVE-2018-18606: Fix NULL pointer dereference
  • CVE-2018-18607: Fix NULL pointer dereference in elf_link_input_bfd
  • CVE-2018-19932: Fix integer overflow and infinite loop
  • CVE-2018-20002: Fix memory consumption
  • CVE-2018-20623: Fix use-after-free in the error function
  • CVE-2018-1000876: Fix integer overflow trigger heap overflow
  • CVE-2019-9073: Fix excessive memory allocation
  • CVE-2019-9075: Fix heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap
  • CVE-2019-9077: Fix heap-based buffer overflow in process_mips_specific
  • CVE-2019-12972: Fix heap-based buffer over-read in _bfd_doprnt
  • CVE-2019-14444: Fix integer overflow
  • CVE-2019-17450: Fix infinite recursion
  • CVE-2016-2226: Fix integer overflow in the string_appends function in cplus-dem.c
  • CVE-2016-4487: Fix use-after-free vulnerability in libiberty
  • CVE-2016-4488: Fix use-after-free vulnerability in libiberty
  • CVE-2016-4489: Fix integer overflow in libiberty
  • CVE-2016-4490: Fix integer overflow in cp-demangle.c in libiberty
  • CVE-2016-4492: Fix buffer overflow in the do_type function in cplus-dem.c in libiberty
  • CVE-2016-4493: Fix out-of-bounds read in demangle_template_value_parm and do_hpacc_template_literal
  • CVE-2016-6131: Fix infinite loop, stack overflow

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P