Felix Gröbert

**Name of the Vulnerable Software and Affected Versions** ClamAV versions 0.97.1 through 0.97.7 **Description** The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds read, by utilizing a crafted length value in an encrypted PDF file. **Recommendations** For ClamAV versions 0.97.1 through 0.97.7, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 2.1.x through 2.3.x before 2.3.11 Ruby on Rails versions 3.x before 3.0.4 **Description** The issue makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX or API requests. This is related to improper validation of HTTP requests that contain an X-Requested-With header, which can be leveraged using combinations of browser plugins and HTTP redirects. **Recommendations** For Ruby on Rails versions 2.1.x through 2.3.x before 2.3.11, update to version 2.3.11 or later. For Ruby on Rails versions 3.x before 3.0.4, update to version 3.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** Socat versions 1.5.0.0 through 1.7.1.2 Socat versions 2.0.0-b1 through 2.0.0-b3 **Description** A stack-based buffer overflow issue exists in the nestlex function in nestlex.c, which can be exploited when bidirectional data relay is enabled. This allows attackers to execute arbitrary code via long command-line arguments. **Recommendations** For Socat versions 1.5.0.0 through 1.7.1.2, update to a version outside of this range to resolve the issue. For Socat versions 2.0.0-b1 through 2.0.0-b3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling bidirectional data relay until a patch is available.