Gabriel Vlasiu

#22267 of 53,632
10 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2015-3522
5.0
2015-08-25
Linux · Xfsprogs · CVE-2012-2150
**Name of the Vulnerable Software and Affected Versions** xfsprogs versions prior to 3.2.4

**Description** `xfs_metadump` in xfsprogs does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.

**Recommendations** For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue.
PT-2014-1871
5.0
2014-01-26
Red Hat · Yum · CVE-2014-0022
**Name of the Vulnerable Software and Affected Versions** yum versions 3.4.3 and earlier

**Description** The issue allows remote attackers to bypass the RPM package signing restriction, potentially leading to a violation of protected information integrity. This can be exploited remotely. The `installUpdates` function in `yum-cron/yum-cron.py` does not properly check the return value of the `sigCheckPkg` function, enabling the bypass via an unsigned package.

**Recommendations** For versions 3.4.3 and earlier, as a temporary workaround, consider disabling the `installUpdates` function until a patch is available. Restrict access to unsigned packages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.