Florian Weimer

**Name of the Vulnerable Software and Affected Versions** glibc (affected versions not specified) **Description** A flaw was found in glibc. When the `getaddrinfo` function is called with the AF UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. The issue is related to reading data beyond the buffer boundaries in memory, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do Rust 1.0.0 a 1.58.0 **Descrição** A função da biblioteca padrão `std::fs::remove dir all` no Rust está vulnerável a uma condição de corrida que permite o rastreamento de links simbólicos. Essa vulnerabilidade permite que um invasor induza um programa com privilégios a excluir arquivos e diretórios aos quais o invasor não teria acesso ou não poderia excluir de outra forma. A vulnerabilidade é particularmente perigosa quando o aplicativo afetado é executado com privilégios elevados, pois pode levar à exclusão de arquivos importantes do sistema. **Recomendações** Para resolver o problema, atualize para o Rust 1.58.1 o mais rápido possível, especialmente se você estiver desenvolvendo programas que devem ser executados em contextos privilegiados, incluindo daemons do sistema e binários setuid. Para alvos de compilação que não possuem APIs utilizáveis para mitigar adequadamente o ataque, como o macOS anterior à versão 10.10 (Yosemite) e o REDOX, considere estratégias alternativas de mitigação, mas observe que, mesmo com uma cadeia de ferramentas corrigida, esses alvos ainda estão vulneráveis. Como solução temporária, considere evitar o uso da função `std::fs::remove dir all` em contextos privilegiados até que o problema seja totalmente resolvido.

**Nome do software vulnerável e versões afetadas** Versões 2.32 e 2.33 da glibc **Descrição** O problema está relacionado à função `mq notify` na Biblioteca C do GNU, que apresenta uma vulnerabilidade do tipo “use-after-free”. Isso ocorre quando a função utiliza o objeto de atributos da thread de notificação, passado através de seu parâmetro `struct sigevent`, após ele ter sido liberado pelo chamador. A exploração dessa vulnerabilidade pode permitir que um invasor remoto cause uma negação de serviço, resultando na falha do aplicativo, ou possivelmente tenha outros impactos não especificados. **Recomendações** Para as versões 2.32 e 2.33 da glibc, considere desativar a função `mq notify` como uma solução temporária até que um patch esteja disponível. Restrinja o acesso à função `mq notify` para minimizar o risco de exploração. Evite usar o parâmetro `struct sigevent` na função `mq notify` afetada até que o problema seja resolvido.

**Nome do software vulnerável e versões afetadas** Versões 3.4.1 a 3.5.1 da libarchive **Descrição** O problema está relacionado a um uso após liberação (use-after-free) na função `copy string`, que é chamada pelas funções `do uncompress block` e `process block`. Isso pode permitir que um invasor remoto execute código arbitrário e afete o sistema, levando potencialmente a uma negação de serviço. A vulnerabilidade está associada ao uso de memória após ela ter sido liberada. **Recomendações** Para as versões 3.4.1 a 3.5.1 do libarchive, considere desativar a função `copy string` como uma solução temporária até que um patch esteja disponível. Restrinja o acesso às funções `do uncompress block` e `process block` para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Versões do Condor 7.6.x a 7.6.9 Versões do Condor 7.8.x a 7.8.3 **Descrição** As funções my popenv impl e my spawnv em src/condor utils/my popen.cpp e a função systemCommand em condor vm-gahp/vmgahp common.cpp não verificam adequadamente o valor de retorno das chamadas setuid, o que pode fazer com que um subprocesso seja criado com privilégios de root e permitir que invasores remotos obtenham privilégios por meio de vetores não especificados. **Recomendações** Para as versões 7.6.x a 7.6.9 do Condor, atualize para a versão 7.6.10 ou posterior. Para as versões 7.8.x a 7.8.3 do Condor, atualize para a versão 7.8.4 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Smokeping versions prior to 2.6.9 **Description** The issue is related to an incomplete fix for a previously identified problem, leading to a potential security concern. **Recommendations** For versions prior to 2.6.9, update to version 2.6.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mom (affected versions not specified) **Description** The issue is related to the creation of world-writable pid files in /var/run by mom. This could potentially allow unauthorized access or modification of these files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libuser versions 0.56 through 0.57 **Description** The issue is related to a TOCTOU (time-of-check time-of-use) race condition that occurs when copying and removing directory trees. **Recommendations** For versions 0.56 and 0.57, consider implementing additional checks to mitigate the TOCTOU race condition until a patch is available. As a temporary workaround, consider restricting access to the directory tree operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Designate (affected versions not specified) **Description** The issue concerns Designate not enforcing the DNS protocol limit regarding record set sizes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cumin (affected versions not specified) **Description** The issue is related to the creation of a postgresql database user without a password during the installation of cumin. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vixie Cron versions prior to 3.0pl1-133 **Description** The issue is related to a use-after-free error in the `force rescan user` function of the Cron daemon, which can cause a denial of service and daemon crash. This can be exploited by local users to disrupt service. **Recommendations** For versions prior to 3.0pl1-133, update to the 3.0pl1-133 Debian package or later to resolve the issue. As a temporary workaround, consider restricting access to the Cron daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vixie Cron versions prior to 3.0pl1-133 **Description** The issue is related to a daemon scheduler task vulnerability in UNIX-like operating systems, specifically in the Cron system. It involves pointer dereference errors. Exploitation of this issue allows an attacker to cause a denial of service, leading to a daemon crash. This can be achieved by a local user through a large crontab file, as the calloc return value is not properly checked. **Recommendations** For Vixie Cron versions prior to 3.0pl1-133, update to version 3.0pl1-133 or later to resolve the issue. As a temporary workaround, consider restricting access to large crontab files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** glibc versions through 2.28 **Description** The issue is related to the string component in the GNU C Library, specifically when running on the x32 architecture. It incorrectly attempts to use a 64-bit register for size t in assembly codes, which can lead to a segmentation fault or possibly other unspecified impacts. This is demonstrated by a crash in the ` memmove avx unaligned erms` function during a memcpy. The vulnerability is also associated with errors in resource release in the ` memmove avx unaligned erms` function, which can be exploited to cause an application crash using a specially crafted file. **Recommendations** For glibc versions through 2.28, consider updating to a version that addresses this issue, as the current version may lead to a segmentation fault or application crash due to incorrect register usage and resource release errors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions through 2.29 **Description** The issue is related to the memcmp function in the GNU C Library, which has insufficient input validation. This can lead to incorrect results, potentially allowing an attacker to cause a denial of service. Specifically, for the x32 architecture, the memcmp function can incorrectly return zero, indicating that the inputs are equal, due to mishandling of the RDX most significant bit. **Recommendations** For glibc versions through 2.29, consider updating to a version where this issue is fixed, as the current version may allow an attacker to exploit the memcmp function, leading to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU C Library (aka glibc or libc6) versions prior to 2.27 **Description** The issue is related to the glob function in the GNU C Library, specifically when invoked with GLOB TILDE and processing the ~ operator with a long user name. This could lead to a denial of service due to a memory leak. The vulnerability can be exploited by a remote attacker to cause a service disruption. **Recommendations** For GNU C Library versions prior to 2.27, update to version 2.27 or later to resolve the issue. As a temporary workaround, consider restricting the use of the glob function with GLOB TILDE to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenStack Kilo Designate versions 2015.1.0 through 1.0.0.0b1 **Description** The issue does not properly enforce RecordSets per domain and Records per RecordSet quotas when processing an internal zone file transfer. This could allow remote attackers to cause a denial of service, potentially resulting in an infinite loop, via a crafted resource record set. **Recommendations** For Designate versions 2015.1.0 through 1.0.0.0b1, as a temporary workaround, consider restricting the processing of internal zone file transfers to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** selinux-policy (affected versions not specified) **Description** The issue allows local users to cause a denial of service, specifically preventing SSH login, by creating a hardlink to /etc/passwd from a directory named .config and updating selinux-policy, when sysctl fs.protected hardlinks are set to 0. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Gluster Storage RPM Package version 3.2 **Description** The issue allows local users to gain privileges and execute arbitrary code as root. **Recommendations** For Red Hat Gluster Storage RPM Package version 3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** opa-fm versions prior to 10.4.0.0.196 opa-ff versions prior to 10.4.0.0.197 **Description** The issue is related to race conditions. **Recommendations** For opa-fm versions prior to 10.4.0.0.196, update to version 10.4.0.0.196 or later. For opa-ff versions prior to 10.4.0.0.197, update to version 10.4.0.0.197 or later.

**Name of the Vulnerable Software and Affected Versions** mock (affected versions not specified) **Description** The issue is related to the scm plug-in in mock, which may allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. This is due to insufficient access control, potentially enabling a remote attacker to exploit the weakness and obtain superuser privileges using a specially created file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.