Andreas Stieger

**Nome do software vulnerável e versões afetadas** Versões do TigerVNC anteriores à 1.11.0 **Descrição** O problema está relacionado ao tratamento incorreto de exceções de certificados TLS no TigerVNC. Os visualizadores armazenam os certificados como autoridades, permitindo que o proprietário de um certificado se faça passar por qualquer servidor após um cliente ter adicionado uma exceção. Isso poderia permitir que um invasor remoto acessasse e comprometesse dados confidenciais. **Recomendações** Para versões do TigerVNC anteriores à 1.11.0, atualize para a versão 1.11.0 ou posterior para resolver o problema. Como solução temporária, considere desativar o uso de exceções de certificado TLS no visualizador até que um patch esteja disponível. Restrinja o acesso a dados confidenciais e servidores para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Versões 2.2.21 a 2.2.22 do GnuPG Versão 3.1.12 do Gpg4win **Descrição** O problema é causado por um estouro de matriz no arquivo g10/key-check.c, levando a uma falha ou possivelmente a outros impactos não especificados quando uma vítima importa a chave OpenPGP de um invasor com preferências AEAD. **Recomendações** Para as versões 2.2.21 e 2.2.22 do GnuPG, atualize para a versão 2.2.23 para resolver o problema. Para a versão 3.1.12 do Gpg4win, atualize para uma versão que inclua a correção para o GnuPG, como o GnuPG 2.2.23. Como solução alternativa temporária, considere evitar a importação de chaves OpenPGP com preferências AEAD até que o problema seja resolvido.

Name of the Vulnerable Software and Affected Versions: open build service versions prior to 20170320 Description: The issue allows reading of files outside of the package source directory during build, potentially leading to leakage of private information. This is due to the bs worker code following relative symlinks. Recommendations: For versions prior to 20170320, update to a version 20170320 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ALT Linux (affected versions not specified) Description: General information about the issue is not provided, except that it concerns a package vulnerability in ALT Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** A buffer overflow issue exists in the git pkt parse line function in transports/smart pkt.c, which is part of the Git Smart Protocol support in libgit2. This issue allows remote attackers to have an unspecified impact via a crafted non-flush packet. **Recommendations** For libgit2 versions prior to 0.24.6, update to version 0.24.6 or later. For libgit2 versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** The issue allows remote attackers to cause a denial of service due to a NULL pointer dereference via an empty packet line in the Git Smart Protocol support. **Recommendations** For versions prior to 0.24.6, update to version 0.24.6 or later. For versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** The issue concerns the http connect function in transports/http.c, which might allow man-in-the-middle attackers to spoof servers. This is due to the clobbering of the error variable, potentially leading to security issues. **Recommendations** For libgit2 versions prior to 0.24.6, update to version 0.24.6 or later. For libgit2 versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.3.26 GnuTLS versions 3.5.x prior to 3.5.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-memory error and crash, via a crafted OpenPGP certificate. **Recommendations** For versions prior to 3.3.26, update to version 3.3.26 or later. For versions 3.5.x prior to 3.5.8, update to version 3.5.8 or later.

**Name of the Vulnerable Software and Affected Versions** dracut versions prior to 045 **Description** A local information disclosure issue was found when generating initramfs images with world-readable permissions, particularly when 'early cpio' is used, such as including microcode updates. This allows a local attacker to obtain sensitive information from these files, including encryption keys or credentials. **Recommendations** For dracut versions prior to 045, update to version 045 or later to resolve the issue. As a temporary workaround, consider restricting access to initramfs images generated with 'early cpio' to minimize the risk of exploitation. Avoid using world-readable permissions when generating these images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 2.7.12 **Description** The issue concerns a variable name clash in a CGI script, potentially allowing a remote attacker to redirect HTTP requests. This is related to the `HTTP PROXY` variable. **Recommendations** For versions prior to 2.7.12, consider updating to version 2.7.12 or later to resolve the issue. As a temporary workaround, restrict access to CGI scripts that use the `HTTP PROXY` variable until a patch is applied. Avoid using the `HTTP PROXY` variable in affected CGI scripts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** A race condition exists in the `rds sendmsg` function, allowing local users to cause a denial of service, potentially resulting in a system crash, by utilizing a socket that was not properly bound. This issue is a result of an incomplete fix for a previous problem. **Recommendations** For Linux kernel versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rds sendmsg` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ceph-deploy versions prior to 1.5.25 **Description** The issue concerns the admin command in ceph-deploy, which uses world-readable permissions for the `/etc/ceph/ceph.client.admin.keyring` file. This allows local users to obtain sensitive information by reading the file. **Recommendations** For versions prior to 1.5.25, update to version 1.5.25 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the `/etc/ceph/ceph.client.admin.keyring` file to restrict access until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ceph-deploy versions prior to 1.5.23 **Description** The issue allows local users to obtain sensitive information by reading the `ceph/ceph.client.admin.keyring` file due to weak permissions (644) used by ceph-deploy. **Recommendations** For versions prior to 1.5.23, update to version 1.5.23 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the `ceph/ceph.client.admin.keyring` file to restrict access until a patch is applied.