Dirk Mueller

**Nome do Software Vulnerável e Versões Afetadas** libzypp versões anteriores a 17.38.9-1.1 **Descrição** A função `PluginScript` tenta usar o `chroot` para restringir o plugin ao `repoManagerRoot`. Em configurações padrão ou ao usar a opção `--root`, esta raiz é frequentemente definida como `/` (a raiz do sistema). Quando o alvo do chroot é `/`, a operação não produz efeito, permitindo que um caminho percorrido execute binários do host, como `/bin/bash`, com privilégios de root. **Recomendações** Atualizar para a versão 17.38.9-1.1.

**Nome do Software Vulnerável e Versões Afetadas** haveged (versões afetadas não especificadas) **Descrição** Um problema de escalonamento de privilégios existe através do socket de comando. O software verifica o ID do usuário do peer conectante usando `SO PEERCRED` e envia uma resposta NAK para chamadores que não sejam root. No entanto, a execução continua após o envio da resposta NAK, o que permite a exploração de root local. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do SUSE OpenStack Cloud 7 crowbar-core anteriores à 4.0+git.1578392992.fabfd186c-9.63.1 Versões do SUSE OpenStack Cloud 8 ardana-cinder anteriores à 8.0+git.1579279939.ee7da88-3.39.3 Versões do SUSE OpenStack Cloud 9 ardana-ansible anteriores à 9.0+git.1581611758.f694f7d-3.16.1 Versões do SUSE OpenStack Cloud Crowbar 8 crowbar-core anteriores à 5.0+git.1582968668.1a55c77c5-3.35.4 SUSE OpenStack Cloud Crowbar 9: versões do crowbar-core anteriores à 6.0+git.1582892022.cbd70e833-3.19.3 **Descrição** O problema está relacionado ao gerenciamento inadequado de privilégios no Crowbar, permitindo que usuários root em qualquer nó gerenciado pelo Crowbar obtenham acesso root em qualquer outro nó. Trata-se de uma vulnerabilidade de violação do princípio do privilégio mínimo. **Recomendações** Para versões do SUSE OpenStack Cloud 7 crowbar-core anteriores à 4.0+git.1578392992.fabfd186c-9.63.1, atualize para uma versão que inclua a correção. Para versões do SUSE OpenStack Cloud 8 ardana-cinder anteriores à 8.0+git.1579279939.ee7da88-3.39.3, atualize para uma versão que inclua a correção. Para versões do SUSE OpenStack Cloud 9 ardana-ansible anteriores à 9.0+git.1581611758.f694f7d-3.16.1, atualize para uma versão que inclua a correção. Para versões do SUSE OpenStack Cloud Crowbar 8 crowbar-core anteriores à 5.0+git.1582968668.1a55c77c5-3.35.4, atualize para uma versão que inclua a correção. Para o SUSE OpenStack Cloud Crowbar 9, versões do crowbar-core anteriores à 6.0+git.1582892022.cbd70e833-3.19.3, atualize para uma versão que inclua a correção.

**Name of the Vulnerable Software and Affected Versions** Amarok (affected versions not specified) **Description** The issue is related to the ruby handlers in the Magnatune component, which do not properly quote text in certain contexts. This could potentially include the construction of an unzip command line, allowing attackers to execute arbitrary commands via shell metacharacters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xdm versions prior to 1.0.4-r1 Description: The issue concerns multiple vulnerabilities in the xdm package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, the X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges. This might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. Recommendations: For xdm versions prior to 1.0.4-r1, update to version 1.0.4-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the xdm package to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: pdfkit.framework versions prior to the fixed version kdegraphics versions prior to 3.4.3-r4 Description: The issue involves multiple vulnerabilities in the pdfkit.framework package of Debian GNU/Linux and kdegraphics package of Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in Splash.cc, as used in xpdf and other products including pdfkit.framework and kdegraphics, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images. Recommendations: For pdfkit.framework, update to a version that contains a fix for this issue. For kdegraphics versions prior to 3.4.3-r4, update to version 3.4.3-r4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable pdfkit.framework and kdegraphics packages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KDE versions 3.2.x through 3.4.0 **Description** The issue affects the Kate and Kwrite applications, where they do not properly set the same permissions on the backup file as were set on the original file. This could allow local users and possibly remote attackers to obtain sensitive information. **Recommendations** For KDE versions 3.2.x through 3.4.0, consider updating the permissions handling in the Kate and Kwrite applications to match the original file's permissions for backup files, or apply a configuration change to restrict access to sensitive information until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdepim versions 3.1.0 through 3.1.4 **Description** The issue is related to a buffer overflow in the VCF file information reader, which allows attackers to execute arbitrary code via a VCF file. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For versions 3.1.0 through 3.1.4, update to a version outside of this range to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.

**Name of the Vulnerable Software and Affected Versions** libqt3-mt-dev versions prior to 3.3.8 libqt3c102-mt-ibase versions prior to 3.3.8 qt3-dev-tools versions prior to 3.3.8 libqt3c102-mt-mysql versions prior to 3.3.8 libqt3c102-mt-psql versions prior to 3.3.8 libqt3c102-mt-odbc versions prior to 3.3.8 qt3-designer versions prior to 3.3.8 qt3-dev-tools-embedded versions prior to 3.3.8 libqt3-dev versions prior to 3.3.8 libqt3-mt-psql versions prior to 3.3.8 qt-designer-3.3.3 versions prior to 3.3.8 qt-devel-docs-3.3.6 versions prior to 3.3.8 qt-3.3.6 versions prior to 3.3.8 qt3-examples versions prior to 3.3.8 qt3-qtconfig versions prior to 3.3.8 libqt3c102-mt-sqlite versions prior to 3.3.8 libqt3c102-mt-psql versions prior to 3.3.8 qt-x11-free-dbg versions prior to 3.3.8 libqt3-mt-ibase versions prior to 3.3.8 qt-config-3.3.6 versions prior to 3.3.8 libqt3-compat-headers versions prior to 3.3.8 libqt3c102-ibase versions prior to 3.3.8 qt-designer-3.3.6 versions prior to 3.3.8 qt (versions prior to 3.3.8-r4) libqt3-mt-odbc versions prior to 3.3.8 libqt3-mt versions prior to 3.3.8 qt-devel-3.3.6 versions prior to 3.3.8 libqt3-mt-sqlite versions prior to 3.3.8 libqt3-headers versions prior to 3.3.8 libqt3c102-mt versions prior to 3.3.8 qt3-dev-tools-compat versions prior to 3.3.8 libqt3-mt-mysql versions prior to 3.3.8 qt3-apps-dev versions prior to 3.3.8 qt3-linguist versions prior to 3.3.8 qt-config-3.3.3 versions prior to 3.3.8 qt-devel-3.3.3 versions prior to 3.3.8 qt-3.3.3 versions prior to 3.3.8 qt3-doc versions prior to 3.3.8 libqt3c102 versions prior to 3.3.8 libqt3c102-odbc versions prior to 3.3.8 **Description** The issue is related to multiple vulnerabilities in various Qt packages, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. According to the information provided, the vulnerabilities are present in various Qt packages, including libqt3-mt-dev, libqt3c102-mt-ibase, qt3-dev-tools, and others. The exploitation of these vulnerabilities can result in a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. **Recommendations** For each affected version, update to a version 3.3.8 or later to resolve the issue. As a temporary workaround, consider disabling the `QUtf8Decoder::toUnicode` function until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.