Mark J Cox

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 0.9.8l **Description** The issue allows remote attackers to cause a denial of service, affecting the integrity and availability of protected information. This can be achieved through the exploitation of the dtls1 buffer record function in ssl/d1 pkt.c, which is vulnerable to a large series of "future epoch" DTLS records that are buffered in a queue, also known as the "DTLS record buffer limitation bug." **Recommendations** For versions prior to 0.9.8l, update to version 0.9.8l or later to resolve the issue. As a temporary workaround, consider restricting access to the dtls1 buffer record function in ssl/d1 pkt.c to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: vsftpd versions prior to 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4 Description: A memory leak issue exists in a certain Red Hat deployment of vsftpd when PAM is used. This issue allows remote attackers to cause a denial of service by consuming memory via a large number of invalid authentication attempts within the same session. Recommendations: For vsftpd versions prior to 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, update to version 2.0.5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ViHor Design (affected versions not specified) Description: A directory traversal issue exists in index.php, allowing remote attackers to read arbitrary files by manipulating the `page` parameter in the "/index.php" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.12-rc4 **Description** The issue is related to the selinux parse skb ipv6 function in the Linux kernel, which allows remote attackers to cause a denial of service via incorrect calls to the ipv6 skip exthdr function. **Recommendations** For Linux kernel versions prior to 2.6.12-rc4, update to version 2.6.12-rc4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 2.2.4 GnuTLS versions prior to 2.2.5 **Description** The issue affects the gnutls package in various Linux distributions, including openSUSE and SUSE Linux Enterprise, allowing remote attackers to exploit multiple vulnerabilities and potentially disrupt the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. A specific function, ` gnutls server name recv params`, does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message, leading to a potential buffer overflow in session resumption data. **Recommendations** For versions prior to 2.2.4, update to version 2.2.4 or later. For versions prior to 2.2.5, update to version 2.2.5 or later. As a temporary workaround, consider restricting access to the vulnerable gnutls package until a patch is available.

**Name of the Vulnerable Software and Affected Versions** linux-image-2.6.26-1-486 linux-image-2.6.26-1-parisc-smp linux-image-2.6.26-1-alpha-smp linux-headers-2.6.26-1-486 linux-headers-2.6.26-1-common-vserver linux-image-2.6.26-1-iop32x linux-headers-2.6.26-1-all linux-headers-2.6.26-1-s390x linux-headers-2.6.26-1-sparc64-smp linux-headers-2.6.26-1-alpha-smp linux-image-2.6.26-1-vserver-powerpc linux-headers-2.6.26-1-sparc64 linux-headers-2.6.26-1-r5k-cobalt linux-image-2.6.26-1-xen-amd64 linux-image-2.6.26-1-r5k-ip32 linux-image-2.6.26-1-5kc-malta linux-headers-2.6.26-1-parisc64-smp linux-image-2.6.26-1-vserver-686 linux-image-2.6.26-1-vserver-powerpc64 linux-image-2.6.26-1-vserver-itanium linux-image-2.6.26-1-alpha-generic linux-headers-2.6.26-1-powerpc linux-image-2.6.26-1-r4k-ip22 linux-headers-2.6.26-1-alpha-generic linux-image-2.6.26-1-vserver-mckinley linux-image-2.6.26-1-vserver-amd64 linux-headers-2.6.26-1-vserver-686-bigmem linux-headers-2.6.26-1-all-hppa linux-image-2.6.26-1-parisc64-smp linux-headers-2.6.26-1-all-arm linux-image-2.6.26-1-s390-tape linux-image-2.6.26-1-amd64 linux-headers-2.6.26-1-vserver-s390x linux-headers-2.6.26-1-amd64 linux-headers-2.6.26-1-iop32x linux-support-2.6.26-1 linux-image-2.6.26-1-686 linux-headers-2.6.26-1-xen-686 linux-image-2.6.26-1-powerpc-smp linux-headers-2.6.26-1-all-amd64 linux-image-2.6.26-1-footbridge linux-image-2.6.26-1-parisc64 linux-headers-2.6.26-1-alpha-legacy linux-image-2.6.26-1-686-bigmem linux-headers-2.6.26-1-all-armel linux-headers-2.6.26-1-r4k-ip22 linux-headers-2.6.26-1-all-alpha linux-headers-2.6.26-1-sb1a-bcm91480b linux-headers-2.6.26-1-common-xen linux-image-2.6.26-1-s390x linux-headers-2.6.26-1-mckinley linux-image-2.6.26-1-parisc linux-headers-2.6.26-1-orion5x linux-headers-2.6.26-1-openvz-686 linux-headers-2.6.26-1-vserver-686 linux-image-2.6.26-1-sparc64 linux-headers-2.6.26-1-powerpc64 linux-image-2.6.26-1-itanium linux-image-2.6.26-1-orion5x linux-headers-2.6.26-1-ixp4xx linux-headers-2.6.26-1-all-sparc linux-image-2.6.26-1-openvz-amd64 linux-image-2.6.26-1-ixp4xx linux-headers-2.6.26-1-all-s390 linux-headers-2.6.26-1-parisc64 linux-headers-2.6.26-1-powerpc-smp linux-headers-2.6.26-1-5kc-malta linux-image-2.6.26-1-powerpc64 linux-modules-2.6.26-1-xen-686 linux-headers-2.6.26-1-686 linux-headers-2.6.26-1-sb1-bcm91250a linux-image-2.6.26-1-4kc-malta linux-image-2.6.26-1-s390 linux-headers-2.6.26-1-all-mips linux-modules-2.6.26-1-xen-amd64 linux-headers-2.6.26-1-common linux-headers-2.6.26-1-common-openvz linux-headers-2.6.26-1-openvz-amd64 **Description** The issue is related to multiple vulnerabilities in the Linux kernel, specifically in the Debian GNU/Linux operating system. These vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. A memory leak in the keyctl join session keyring function in the Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service via unknown vectors related to a missing kfree. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.