Ludwig Nussel

**Nome do software vulnerável e versões afetadas** Versões do grub2 anteriores à 2.06-150400.7.1 Versões do grub2 anteriores à 2.06-18.1 **Descrição** Um invasor local pode explorar uma vulnerabilidade relacionada a arquivos temporários inseguros no grub-once do grub2 para truncar arquivos arbitrários. **Recomendações** Para o SUSE Linux Enterprise Server 15 SP4, atualize para uma versão posterior à 2.06-150400.7.1. Para o SUSE openSUSE Factory, atualize para uma versão posterior à 2.06-18.1.

**Nome do software vulnerável e versões afetadas** Versões do golang/go anteriores à 1.0.2 **Descrição** O problema decorre da função `dotest()` em `src/pkg/debug/gosym/pclntab test.go`, que cria um arquivo temporário com um nome previsível e o executa como um script de shell. Esse comportamento representa um risco, especialmente em máquinas compartilhadas. **Recomendações** Para versões anteriores à 1.0.2, atualize para a versão 1.0.2 para resolver o problema. Como solução temporária, considere restringir o acesso à função `dotest()` em `src/pkg/debug/gosym/pclntab test.go` até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Versões 0.9 e anteriores do NetworkManager **Descrição** A vulnerabilidade permite que usuários locais utilizem certificados ou chaves privadas de outros usuários ao estabelecer uma conexão por meio do caminho do arquivo ao adicionar uma nova conexão. **Recomendações** Para as versões 0.9 e anteriores do NetworkManager, considere restringir o acesso aos arquivos de certificados e chaves privadas até que um patch esteja disponível. Como solução temporária, evite usar o caminho do arquivo para adicionar novas conexões nas versões afetadas. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** ikiwiki versions prior to 3.20110608 **Description** The issue allows remote attackers to hijack root's tty and run symlink attacks. **Recommendations** For versions prior to 3.20110608, update to version 3.20110608 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** open build service versions prior to 2.1.16 **Description** A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. **Recommendations** For versions prior to 2.1.16, update to version 2.1.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SUSE open build service versions prior to 2.3 SUSE open build service version 2.1.15 and earlier **Description** A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. **Recommendations** For SUSE open build service versions prior to 2.3, update to version 2.3 or later. For SUSE open build service version 2.1.15 and earlier, update to a version later than 2.1.15 or apply the necessary patches to restrict access to source files.

**Name of the Vulnerable Software and Affected Versions** kdump versions prior to 2012-01-20 **Description** The issue is related to the missing host key verification in the kdump and mkdumprd OpenSSH integration of kdump. This could allow a remote malicious kdump server to impersonate the correct kdump server, potentially obtaining security-sensitive information, such as kdump core files. **Recommendations** For versions prior to 2012-01-20, update to a version that includes the fix for this issue to ensure host key verification is properly implemented. As a temporary workaround, consider restricting access to the kdump server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenBuildService versions prior to 2.3.0 **Description** A code injection issue in the web UI of the OpenBuildService allows authorized attackers to execute shellcode by manipulating the project rebuild times statistics. **Recommendations** For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libzypp versions prior to 20170803 **Description** The issue allows unsigned YUM repositories to be added without warning the user, which could lead to man-in-the-middle attacks or malicious servers injecting malicious RPM packages into a user's system. **Recommendations** For versions prior to 20170803, update to version 20170803 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: NextCloud versions (affected versions not specified) Description: The issue is related to insufficient access control in the NextCloud platform on the OpenSUSE Leap operating system. It allows a remote attacker to gain root privileges during a NextCloud package upgrade by exploiting scripts running as the wwwrun user, specifically those located in the /srv/www/htdocs directory. Recommendations: For all affected versions, consider restricting access to the /srv/www/htdocs directory to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of scripts in the /srv/www/htdocs directory until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osc versions prior to 0.151.0 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a service file. **Recommendations** For versions prior to 0.151.0, update to version 0.151.0 or later to resolve the issue.

**Nome do software vulnerável e versões afetadas** Versões 0.9.x do NetworkManager **Descrição** A vulnerabilidade diz respeito a um problema em que o NetworkManager não associa corretamente o assunto de um certificado a um ESSID ao utilizar a autenticação 802.11X. Isso pode potencialmente levar a problemas de segurança, uma vez que o processo de autenticação pode não verificar corretamente a identidade da rede à qual se está conectando. **Recomendações** Para as versões 0.9.x do NetworkManager, no momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** International Components for Unicode (ICU) versions prior to 49.1 **Description** The issue is related to a stack-based buffer overflow in the ` canonicalize` function in `common/uloc.c` that allows remote attackers to execute arbitrary code via a crafted locale ID. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For International Components for Unicode (ICU) versions prior to 49.1, update to version 49.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` canonicalize` function in `common/uloc.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libpng versions prior to 1.5.10 libpng versions prior to 1.2.39beta5 **Description** The issue is related to a memory leak in the embedded profile len function in pngwutil.c, which can be exploited by context-dependent attackers to cause a denial of service, such as a memory leak or segmentation fault, via a JPEG image containing an iCCP chunk with a negative embedded profile length. Multiple vulnerabilities in the libpng package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For libpng versions prior to 1.2.39beta5, update to version 1.2.39beta5 or later. For libpng versions prior to 1.5.10, update to version 1.5.10 or later.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions prior to 1.1.15 **Description** The issue concerns the remote SVN views functionality in ViewVC, where improper authorization allows remote attackers to bypass intended access restrictions. This could lead to a breach of confidentiality of protected information. The exploitation of these vulnerabilities can be carried out remotely. **Recommendations** For versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the `lib/vclib/svn/svn ra.py` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ViewVC versions prior to 1.1.15 **Description** The issue concerns multiple vulnerabilities in the ViewVC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality of protected information. Specifically, the SVN revision view in ViewVC does not properly handle log messages when a readable path is copied from an unreadable path, allowing remote attackers to obtain sensitive information, related to a "log msg leak." **Recommendations** For versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the SVN revision view functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** logrotate on SUSE openSUSE Factory **Description** The issue arises from the default configuration of logrotate, which uses root privileges to process files in directories that allow non-root write access. This lack of support for untrusted directories enables local users to perform symlink and hard link attacks. The vulnerability can be demonstrated in directories for various packages, including cobbler, inn, safte-monitor, and uucp. **Recommendations** For logrotate on SUSE openSUSE Factory, consider reconfiguring logrotate to avoid processing files in directories with non-root write access as a temporary workaround. Restrict access to these directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE Factory (affected versions not specified) **Description** The issue allows local users to potentially gain privileges by exploiting access to the web-service user account during root filesystem operations by the Cobbler daemon. This is due to the ownership of the /var/log/cobbler/ directory tree being assigned to the web-service user account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** logrotate versions prior to 3.8.0 **Description** The issue concerns multiple vulnerabilities in the logrotate package that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Specifically, the default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access. This allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, such as those under /var/log/ for packages. **Recommendations** For versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue. As a temporary workaround, consider restricting write access to directories processed by logrotate to prevent local users from conducting symlink and hard link attacks.

**Name of the Vulnerable Software and Affected Versions** logrotate (affected versions not specified) **Description** The default configuration of logrotate on Debian GNU/Linux has a security issue where it uses root privileges to process files in directories that permit non-root write access. This allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories. For example, this can be demonstrated in the /var/log/postgresql/ directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.