Garth Mollett

**Name of the Vulnerable Software and Affected Versions** Openshift (affected versions not specified) **Description** The issue is related to shell command injection flaws in Openshift, caused by unsanitized data being passed into shell commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Katello (affected versions not specified) **Description** The issue allows remote authenticated users to execute the `system remove deletion` CLI command due to weaknesses in `remove system` permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Ironic Inspector (affected versions not specified) **Description** The issue allows remote attackers to access the Flask console and execute arbitrary Python code by triggering an error when debug mode is enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions prior to 2014.1.3 **Description** The issue allows remote authenticated users to bypass the quota limit and cause a denial of service by consuming resources. This is achieved by putting a virtual machine into the rescue state, suspending it, which results in an ERROR state, and then deleting the image. The problem exists due to an incomplete fix for a previous issue. **Recommendations** For versions prior to 2014.1.3, update to version 2014.1.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Katello Installer versions prior to 0.0.18 **Description** The issue allows local users to obtain the private key by reading the file due to world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node. **Recommendations** For versions prior to 0.0.18, update to version 0.0.18 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the /etc/pki/tls/private/katello-node.key file to restrict access until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions prior to 5.5.35 MariaDB versions prior to 5.5.35 **Description** The issue is related to a buffer overflow in the client/mysql.cc file, which can be exploited by remote database servers. This can cause a denial of service (crash) and possibly allow the execution of arbitrary code via a long server version string. The vulnerability can be exploited using a long server version string, potentially leading to a denial of service or code execution on the remote database server. **Recommendations** For Oracle MySQL versions prior to 5.5.35, update to version 5.5.35 or later to resolve the issue. For MariaDB versions prior to 5.5.35, update to version 5.5.35 or later to resolve the issue. As a temporary workaround, consider restricting access to the `client/mysql.cc` file or limiting the length of server version strings to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nss-pam-ldapd versions 0.7.x through 0.7.17 nss-pam-ldapd versions 0.8.x through 0.8.10 **Description** The issue is related to the incorrect use of the FD SET macro, which can trigger a stack-based buffer overflow when an application has a large number of open file descriptors. This can cause a denial of service, resulting in an application crash, and potentially allow for the execution of arbitrary code. The vulnerability is also related to the implementation of the select() and FD SET() functions in the nss-pam-ldapd package, which can lead to a file descriptor overflow. **Recommendations** For nss-pam-ldapd versions 0.7.x through 0.7.17, update to version 0.7.18 or later. For nss-pam-ldapd versions 0.8.x through 0.8.10, update to version 0.8.11 or later. As a temporary workaround, consider restricting the number of open file descriptors for applications using nss-pam-ldapd to minimize the risk of exploitation.