Jim Meyering

**Nome do software vulnerável e versões afetadas** Versões do GNU gzip (versões afetadas não especificadas) **Descrição** Foi identificada uma vulnerabilidade de gravação de arquivos arbitrários no utilitário zgrep do GNU gzip. Essa falha ocorre devido à validação insuficiente ao processar nomes de arquivos com duas ou mais quebras de linha, nos quais o conteúdo selecionado e os nomes dos arquivos de destino estão incorporados em nomes de arquivos multilinha criados propositalmente. Um invasor remoto com privilégios limitados pode forçar o zgrep a gravar arquivos arbitrários no sistema aplicando o zgrep a um nome de arquivo manipulado. A vulnerabilidade permite que um invasor sobrescreva arquivos arbitrários no sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** grep versions 2.19 through 2.21 **Description** The issue allows local users to cause a denial of service, resulting in an out-of-bounds heap read and crash, via crafted input when using the -F option. This is due to a problem in the bmexec trans function in kwset.c. **Recommendations** For versions 2.19 through 2.21, consider avoiding the use of the -F option until a fix is available. As a temporary workaround, restrict the use of crafted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GlusterFS version 3.3.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. **Recommendations** For GlusterFS version 3.3.0, consider restricting access to temporary files to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** devscripts versions prior to 2.12.2 rpmdevtools versions prior to 8.3 **Description** The issue allows local users to modify arbitrary files via a symlink attack on the temporary standard output or standard error output file. This is related to the `scripts/annotate-output.sh` script in devscripts. **Recommendations** For devscripts versions prior to 2.12.2, update to version 2.12.2 or later. For rpmdevtools versions prior to 8.3, update to version 8.3 or later.

**Name of the Vulnerable Software and Affected Versions** cgit versions prior to 0.8.3.5 **Description** The issue is caused by an off-by-one error in the `convert query hexchar` function in `html.c` in `cgit.cgi`. This allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, such as a `%gg` sequence. **Recommendations** For versions prior to 0.8.3.5, update to version 0.8.3.5 or later to resolve the issue. As a temporary workaround, consider restricting input to prevent strings with a % (percent) character followed by invalid hex characters from being processed by the `convert query hexchar` function.

**Name of the Vulnerable Software and Affected Versions** tar versions 1.14 through 1.15.90 **Description** The issue allows user-assisted attackers to cause a denial of service, potentially leading to application crashes, and may also allow the execution of code. This is achieved through unspecified vectors involving PAX extended headers. **Recommendations** For tar versions 1.14 through 1.15.90, update to a version outside of this range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cgit versions 0.9.0.3 and earlier **Description** The issue is related to a heap-based buffer overflow in the substr function in parsing.c, which can be exploited by remote authenticated users. This can lead to a denial of service (crash) and possibly the execution of arbitrary code via an empty username in the "Author" field in a commit. The vulnerability can be exploited remotely by an attacker who has passed the authentication procedure, potentially disrupting the confidentiality, integrity, and availability of protected information. **Recommendations** For cgit versions 0.9.0.3 and earlier, update to a version later than 0.9.0.3 to resolve the issue. As a temporary workaround, consider restricting access to the substr function in parsing.c to minimize the risk of exploitation. Avoid using empty usernames in the "Author" field in commits until the issue is resolved.