Matthias Weckbecker

**Name of the Vulnerable Software and Affected Versions** thttpd (affected versions not specified) **Description** The issue is related to a local Denial of Service (DoS) condition that can be triggered by specially-crafted .htpasswd files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Python keyring (affected versions not specified) **Description** The issue concerns insecure permissions on new databases created by Python keyring, allowing world-readable files to be created. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** foomatic-rip filter, all versions **Description** The issue arises when the foomatic-rip filter is used insecurely, creating temporary files to store PostScript data while the debug mode is enabled. This can be exploited by a local attacker to conduct symlink attacks, allowing them to overwrite arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter. **Recommendations** For all versions, consider disabling the debug mode to prevent the creation of temporary files that could be exploited for symlink attacks. As a temporary workaround, restrict access to the foomatic-rip filter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SUSE Studio Onsite versions prior to 1.0.3-0.18.1 SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1 **Description** A vulnerability in SUSE Studio Onsite allows authenticated users to execute arbitrary SQL statements via SQL injection. This issue affects the listing of available software. **Recommendations** For SUSE Studio Onsite versions prior to 1.0.3-0.18.1, update to version 1.0.3-0.18.1 or later. For SUSE Studio Onsite 1.1 Appliance versions prior to 1.1.2-0.25.1, update to version 1.1.2-0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** Crowbar versions 1.4 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `file` parameter to the "/utils" API endpoint. **Recommendations** For Crowbar versions 1.4 and earlier, as a temporary workaround, consider restricting access to the `/utils` API endpoint until a patch is available. Avoid using the `file` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gimp-libs version 2.6.9 gimp-devel-tools version 2.6.9 gimp-help-browser version 2.6.9 gimp-devel version 2.6.9 gimp-debuginfo version 2.6.9 gimp version 2.6.9 gimp version 2.8.x and earlier **Description** The issue concerns multiple vulnerabilities in the GIMP software package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code. Specifically, an integer overflow in the ReadImage function in the GIF image format plug-in can trigger a heap-based buffer overflow via crafted height and len properties in a GIF image file. **Recommendations** For gimp-libs version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-devel-tools version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-help-browser version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-devel version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp-debuginfo version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp version 2.6.9, consider updating to a newer version to mitigate the risk. For gimp version 2.8.x and earlier, consider updating to a version later than 2.8.x to mitigate the risk. As a temporary workaround, consider restricting the use of the GIF image format plug-in until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenStack Compute (Nova) versions 2012.1 through 2012.2 **Description** The issue allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the `path` attribute of a file element, specifically in `virt/disk/api.py`, when used over libvirt-based hypervisors. **Recommendations** For versions 2012.1 and 2012.2, consider restricting access to the `virt/disk/api.py` module to minimize the risk of exploitation. As a temporary workaround, avoid using the `path` attribute of a file element in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the refresh mechanism of the log viewer. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the guest console. The vulnerability is located in the horizon/static/horizon/js/horizon.js file. **Recommendations** For OpenStack Dashboard (Horizon) versions folsom-1 and 2012.1 and earlier, consider disabling the log viewer refresh mechanism until a patch is available. Restrict access to the guest console to minimize the risk of exploitation. Avoid using the guest console in the log viewer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.7.4 **Description** The issue is related to a buffer overflow in the TIFF reader, which can be triggered by a greyscale TIFF image with multiple samples per pixel, specifically via the TIFFTAG SAMPLESPERPIXEL tag. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. The vulnerability can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For Qt versions prior to 4.7.4, update to version 4.7.4 or later to resolve the issue. As a temporary workaround, consider restricting the handling of TIFF images with multiple samples per pixel to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openSUSE versions prior to March 11, 2011 open build service version 2.1 **Description** The issue is related to incorrect code generation management in openSUSE, allowing a remote attacker to inject arbitrary code when running some source services. **Recommendations** For openSUSE versions prior to March 11, 2011, update to a version released after March 11, 2011. For open build service version 2.1, consider disabling the affected services until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Net::Ping::External versions through 0.15 **Description** The issue is related to the lack of input sanitization in the Net::Ping::External extension for Perl, specifically with regards to shell metacharacters in arguments such as invalid hostnames. This allows for shell command injection and arbitrary command execution if untrusted input is used. The vulnerability can be exploited by a remote attacker to execute arbitrary commands using shell metacharacters. **Recommendations** For versions through 0.15, consider disabling the use of backticks in External.pm or restricting input to trusted sources until a patch is available. As a temporary workaround, avoid using untrusted input for the `hostname` variable in the affected API endpoint. Restrict access to the vulnerable Net::Ping::External extension to minimize the risk of exploitation.