Richard Maciel Costa

**Name of the Vulnerable Software and Affected Versions** katello versions 3.10 and older **Description** A SQL injection flaw was found in katello's errata-related API, allowing an authenticated remote attacker to craft input data and force a malformed SQL query to the backend database. This can result in the leakage of internal IDs. The issue is related to an incomplete fix for a previous problem. **Recommendations** For versions 3.10 and older, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** policycoreutils version 2.5-11 **Description** The issue allows a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions through a symbolic link attack on filesystems during the context relabeling process. This typically occurs when transitioning the SELinux state from disabled to enabled, either in permissive or enforcing mode. **Recommendations** For policycoreutils version 2.5-11, consider restricting the use of the context relabeling feature until a patch is available, and ensure that SELinux state transitions are carefully managed to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** zsh versions 5.4.2 and earlier **Description** The issue is related to a stack-based buffer overflow in the `checkmailpath` function, located in utils.c. This could allow a local attacker to execute arbitrary code in the context of another user, potentially leading to unauthorized access to confidential data, disruption of data integrity, and denial of service. **Recommendations** For zsh versions 5.4.2 and earlier, consider disabling the `checkmailpath` function as a temporary workaround until a patch is available. Restrict access to sensitive data and ensure proper user privileges to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** zsh versions 5.4.2 and earlier **Description** The issue is related to a stack-based buffer overflow in the `exec.c:hashcmd()` function. This could allow a local attacker to cause a denial of service. The vulnerability is associated with the `hashcmd()` function in the `exec.c` file, which can lead to a buffer overflow, resulting in a denial of service. **Recommendations** For zsh versions 5.4.2 and earlier, consider updating to a version later than 5.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the `hashcmd()` function in the `exec.c` file to minimize the risk of exploitation.