This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

Releases: cloudfoundry/cflinuxfs2

1.242.0

15 Oct 13:14

Notably, this release addresses:

USN-3791-1: Git vulnerability:

  • CVE-2018-17456: Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
-ii  git      1:1.9.1-1ubuntu0.8  amd64 fast, scalable, distributed revision control system
-ii  git-core 1:1.9.1-1ubuntu0.8  all   fast, scalable, distributed revision control system (obsolete)
-ii  git-man  1:1.9.1-1ubuntu0.8  all   fast, scalable, distributed revision control system (manual pages)
+ii  git      1:1.9.1-1ubuntu0.9  amd64 fast, scalable, distributed revision control system
+ii  git-core 1:1.9.1-1ubuntu0.9  all   fast, scalable, distributed revision control system (obsolete)
+ii  git-man  1:1.9.1-1ubuntu0.9  all   fast, scalable, distributed revision control system (manual pages)
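
Review bot: The fixed package version in this list, 1:1.9.1-1ubuntu0.9, is lower than every upstream version named in the CVE-2018-17456 text (2.14.5 and later), so a check that compares the git version string against the CVE's ranges may still flag this rootfs. Say in the release text that the fix is carried in Ubuntu package revision 1ubuntu0.9, and that the package revision rather than the upstream version is what to verify.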

1.241.0

08 Oct 19:04

Notably, this release addresses:

USN-3786-1: libxkbcommon vulnerabilities:

  • CVE-2018-15853: Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.
  • CVE-2018-15854: Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly.
  • CVE-2018-15855: Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled.
  • CVE-2018-15856: An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files.
  • CVE-2018-15857: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
  • CVE-2018-15858: Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file.
  • CVE-2018-15859: Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled.
  • CVE-2018-15861: Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure.
  • CVE-2018-15862: Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers.
  • CVE-2018-15863: Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression.
  • CVE-2018-15864: Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created.
-ii  libxkbcommon0:amd64  0.4.1-0ubuntu1   amd64  library interface to the XKB compiler - shared library
+ii  libxkbcommon0:amd64  0.4.1-0ubuntu1.1 amd64  library interface to the XKB compiler - shared library

1.240.0

05 Oct 20:37

Notably, this release addresses:

USN-3785-1: ImageMagick vulnerabilities:

  • CVE-2018-14434: ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c.
  • CVE-2018-14435: ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c.
  • CVE-2018-14436: ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c.
  • CVE-2018-14437: ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c.
  • CVE-2018-14551: The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.
  • CVE-2018-16323: ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
  • CVE-2018-16640: ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
  • CVE-2018-16642: The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
  • CVE-2018-16643: The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.
  • CVE-2018-16644: There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image.
  • CVE-2018-16645: There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.
  • CVE-2018-16749: In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file.
  • CVE-2018-16750: In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found.
-ii  imagemagick                8:6.7.7.10-6ubuntu3.12  amd64 image manipulation programs
-ii  imagemagick-common         8:6.7.7.10-6ubuntu3.12  all   image manipulation programs -- infrastructure
+ii  imagemagick                8:6.7.7.10-6ubuntu3.13  amd64 image manipulation programs
+ii  imagemagick-common         8:6.7.7.10-6ubuntu3.13  all   image manipulation programs -- infrastructure
-ii  libmagickcore-dev          8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library - development files
-ii  libmagickcore5:amd64       8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library
-ii  libmagickcore5-extra:amd64 8:6.7.7.10-6ubuntu3.12  amd64 low-level image manipulation library - extra codecs
-ii  libmagickwand-dev          8:6.7.7.10-6ubuntu3.12  amd64 image manipulation library - development files
-ii  libmagickwand5:amd64       8:6.7.7.10-6ubuntu3.12  amd64 image manipulation library
+ii  libmagickcore-dev          8:6.7.7.10-6ubuntu3.13  amd64 low-level image manipulation library - development files
+ii  libmagickcore5:amd64       8:6.7.7.10-6ubuntu3.13  amd64 low-level image manipulation library
+ii  libmagickcore5-extra:amd64 8:6.7.7.10-6ubuntu3.13  amd64 low-level image manipulation library - extra codecs
+ii  libmagickwand-dev          8:6.7.7.10-6ubuntu3.13  amd64 image manipulation library - development files
+ii  libmagickwand5:amd64       8:6.7.7.10-6ubuntu3.13  amd64 image manipulation library

1.239.0

05 Oct 20:37

Notably, this release addresses:

USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities:

  • CVE-2017-18216: In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used.
  • CVE-2018-10902: It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
  • CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
  • CVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
  • CVE-2018-15594: arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.
  • CVE-2018-16276: An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
  • CVE-2018-17182: An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
  • CVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
  • CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
-ii  linux-libc-dev:amd64 3.13.0-158.208       amd64 Linux Kernel Headers for development
+ii  linux-libc-dev:amd64 3.13.0-160.210       amd64 Linux Kernel Headers for development
-ii  tzdata               2017c-0ubuntu0.14.04 all   time zone and daylight-saving time data
+ii  tzdata               2018e-0ubuntu0.14.04 all   time zone and daylight-saving time data
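
Review bot: The tzdata change at the end of this list (2017c-0ubuntu0.14.04 to 2018e-0ubuntu0.14.04) is not explained by the only advisory named above, USN-3776-2, which covers the kernel. Add a line to the release text saying why tzdata moved, so operators can separate the security fix from the time zone data refresh when they assess this rootfs.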

1.238.0

21 Sep 16:17

Notably, this release addresses:

USN-3770-1: Little CMS vulnerabilities:

  • CVE-2016-10165: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
  • CVE-2018-16435: Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.

USN-3769-1: Bind vulnerability:

  • CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named. Accidental or deliberate triggering of this defect will cause an INSIST assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients. Only servers which have explicitly enabled the "deny-answer-aliases" feature are at risk and disabling the feature prevents exploitation.
-ii  bind9-host         1:9.9.5.dfsg-3ubuntu0.17 amd64  Version of 'host' bundled with BIND 9.X
+ii  bind9-host         1:9.9.5.dfsg-3ubuntu0.18 amd64  Version of 'host' bundled with BIND 9.X
-ii  dnsutils           1:9.9.5.dfsg-3ubuntu0.17 amd64  Clients provided with BIND
+ii  dnsutils           1:9.9.5.dfsg-3ubuntu0.18 amd64  Clients provided with BIND
-ii  libbind9-90        1:9.9.5.dfsg-3ubuntu0.17 amd64  BIND9 Shared Library used by BIND
+ii  libbind9-90        1:9.9.5.dfsg-3ubuntu0.18 amd64  BIND9 Shared Library used by BIND
-ii  libdns100          1:9.9.5.dfsg-3ubuntu0.17 amd64  DNS Shared Library used by BIND
+ii  libdns100          1:9.9.5.dfsg-3ubuntu0.18 amd64  DNS Shared Library used by BIND
-ii  libisc95           1:9.9.5.dfsg-3ubuntu0.17 amd64  ISC Shared Library used by BIND
-ii  libisccc90         1:9.9.5.dfsg-3ubuntu0.17 amd64  Command Channel Library used by BIND
-ii  libisccfg90        1:9.9.5.dfsg-3ubuntu0.17 amd64  Config File Handling Library used by BIND
+ii  libisc95           1:9.9.5.dfsg-3ubuntu0.18 amd64  ISC Shared Library used by BIND
+ii  libisccc90         1:9.9.5.dfsg-3ubuntu0.18 amd64  Command Channel Library used by BIND
+ii  libisccfg90        1:9.9.5.dfsg-3ubuntu0.18 amd64  Config File Handling Library used by BIND
-ii  liblcms2-2:amd64   2.5-0ubuntu4.1           amd64  Little CMS 2 color management library
-ii  liblcms2-dev:amd64 2.5-0ubuntu4.1           amd64  Little CMS 2 color management library development headers
+ii  liblcms2-2:amd64   2.5-0ubuntu4.2           amd64  Little CMS 2 color management library
+ii  liblcms2-dev:amd64 2.5-0ubuntu4.2           amd64  Little CMS 2 color management library development headers
-ii  liblwres90         1:9.9.5.dfsg-3ubuntu0.17 amd64  Lightweight Resolver Library used by BIND
+ii  liblwres90         1:9.9.5.dfsg-3ubuntu0.18 amd64  Lightweight Resolver Library used by BIND

1.237.0

19 Sep 16:33

Notably, this release addresses:

USN-3767-1: GLib vulnerabilities:

  • CVE-2018-16428: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.
  • CVE-2018-16429: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().
-ii  libglib2.0-0:amd64 2.40.2-0ubuntu1   amd64 GLib library of C routines
-ii  libglib2.0-bin     2.40.2-0ubuntu1   amd64 Programs for the GLib library
-ii  libglib2.0-data    2.40.2-0ubuntu1   all   Common files for GLib library
-ii  libglib2.0-dev     2.40.2-0ubuntu1   amd64 Development files for the GLib library
+ii  libglib2.0-0:amd64 2.40.2-0ubuntu1.1 amd64 GLib library of C routines
+ii  libglib2.0-bin     2.40.2-0ubuntu1.1 amd64 Programs for the GLib library
+ii  libglib2.0-data    2.40.2-0ubuntu1.1 all   Common files for GLib library
+ii  libglib2.0-dev     2.40.2-0ubuntu1.1 amd64 Development files for the GLib library

1.236.0

19 Sep 16:33

Notably, this release addresses:

USN-3765-1: curl vulnerability:

  • CVE-2018-14618: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
-ii  curl                       7.35.0-1ubuntu2.16 amd64  command line tool for transferring data with URL syntax
+ii  curl                       7.35.0-1ubuntu2.17 amd64  command line tool for transferring data with URL syntax
-ii  jq                         1.3-1.1ubuntu1     amd64  lightweight and flexible command-line JSON processor
+ii  jq                         1.3-1.1ubuntu1.1   amd64  lightweight and flexible command-line JSON processor
-ii  libcurl3:amd64             7.35.0-1ubuntu2.16 amd64  easy-to-use client-side URL transfer library (OpenSSL flavour)
-ii  libcurl3-gnutls:amd64      7.35.0-1ubuntu2.16 amd64  easy-to-use client-side URL transfer library (GnuTLS flavour)
-ii  libcurl4-openssl-dev:amd64 7.35.0-1ubuntu2.16 amd64  development files and documentation for libcurl (OpenSSL flavour)
+ii  libcurl3:amd64             7.35.0-1ubuntu2.17 amd64  easy-to-use client-side URL transfer library (OpenSSL flavour)
+ii  libcurl3-gnutls:amd64      7.35.0-1ubuntu2.17 amd64  easy-to-use client-side URL transfer library (GnuTLS flavour)
+ii  libcurl4-openssl-dev:amd64 7.35.0-1ubuntu2.17 amd64  development files and documentation for libcurl (OpenSSL flavour)
-ii  linux-libc-dev:amd64       3.13.0-157.207     amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64       3.13.0-158.208     amd64  Linux Kernel Headers for development
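
Review bot: The jq change (1.3-1.1ubuntu1 to 1.3-1.1ubuntu1.1) and the linux-libc-dev change (3.13.0-157.207 to 3.13.0-158.208) in this list are not covered by the only advisory named above, USN-3765-1 for curl. Name the advisory or reason behind each of those two bumps in the release text so operators can tell which package changes in this rootfs are security fixes.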

1.235.0

31 Aug 14:46

Notably, this release addresses:

USN-3758-1: libx11 vulnerabilities:

  • CVE-2016-7942: The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.
  • CVE-2016-7943: The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.
  • CVE-2018-14598: An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).
  • CVE-2018-14599: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.
  • CVE-2018-14600: An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.
-ii  libmariadbclient-dev     5.5.59-1ubuntu0.14.04.1 amd64 MariaDB database development files
-ii  libmariadbclient18:amd64 5.5.59-1ubuntu0.14.04.1 amd64 MariaDB database client library
+ii  libmariadbclient-dev     5.5.61-1ubuntu0.14.04.1 amd64 MariaDB database development files
+ii  libmariadbclient18:amd64 5.5.61-1ubuntu0.14.04.1 amd64 MariaDB database client library
-ii  libx11-6:amd64           2:1.6.2-1ubuntu2        amd64 X11 client-side library
-ii  libx11-data              2:1.6.2-1ubuntu2        all   X11 client-side library
-ii  libx11-dev:amd64         2:1.6.2-1ubuntu2        amd64 X11 client-side library (development headers)
+ii  libx11-6:amd64           2:1.6.2-1ubuntu2.1      amd64 X11 client-side library
+ii  libx11-data              2:1.6.2-1ubuntu2.1      all   X11 client-side library
+ii  libx11-dev:amd64         2:1.6.2-1ubuntu2.1      amd64 X11 client-side library (development headers)
-ii  mariadb-common           5.5.59-1ubuntu0.14.04.1 all   MariaDB common metapackage
+ii  mariadb-common           5.5.61-1ubuntu0.14.04.1 all   MariaDB common metapackage
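
Review bot: The MariaDB packages in this list (libmariadbclient-dev, libmariadbclient18 and mariadb-common, 5.5.59 to 5.5.61) change alongside libx11, but the release text names only USN-3758-1 for libx11. Add the advisory or reason for the MariaDB update to the release text, since applications linked against the client library pick up that change as well.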

1.234.0

27 Aug 20:40

Notably, this release addresses:

USN-3755-1: GD vulnerabilities:

  • CVE-2018-1000222: Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution. This attack appears to be exploitable via a specially crafted JPEG image that can trigger a double free. This vulnerability appears to have been fixed after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
  • CVE-2018-5711: gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.
-ii  libgd-dev:amd64  2.1.0-3ubuntu0.8  amd64 GD Graphics Library (development version)
-ii  libgd2-noxpm-dev 2.1.0-3ubuntu0.8  all   GD Graphics Library (transitional package)
-ii  libgd3:amd64     2.1.0-3ubuntu0.8  amd64 GD Graphics Library
+ii  libgd-dev:amd64  2.1.0-3ubuntu0.10 amd64 GD Graphics Library (development version)
+ii  libgd2-noxpm-dev 2.1.0-3ubuntu0.10 all   GD Graphics Library (transitional package)
+ii  libgd3:amd64     2.1.0-3ubuntu0.10 amd64 GD Graphics Library

1.233.0

27 Aug 15:38

Notably, this release addresses:

USN-3753-2: Linux kernel (Xenial HWE) vulnerabilities:

  • CVE-2017-13168: An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.
  • CVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
  • CVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
  • CVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
  • CVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.
  • CVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
  • CVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
  • CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
  • CVE-2018-13094: An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
  • CVE-2018-13405: The inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
  • CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
-ii  linux-libc-dev:amd64  3.13.0-156.206  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64  3.13.0-157.207  amd64  Linux Kernel Headers for development