Seth Arnold

**Nome do Software Vulnerável e Versões Afetadas** linux-bluefield (versões afetadas não especificadas) **Descrição** O problema é acionado por um ataque DDoS na porta TCP 22, causando uma falha no kernel. Este problema surge do backport de um commit relacionado ao `nft lookup` sem incluir correções subsequentes. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** bcc (versões afetadas não especificadas) **Descrição** O problema ocorre quando é necessário extrair cabeçalhos do kernel e o bcc tenta carregá-los a partir de um diretório temporário. Um invasor sem privilégios poderia explorar essa vulnerabilidade para forçar o bcc a carregar cabeçalhos do Linux comprometidos. No entanto, as distribuições Linux que fornecem cabeçalhos do kernel por padrão não são afetadas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** bpftrace (versões afetadas não especificadas) **Descrição** A vulnerabilidade permite que um invasor sem privilégios force o bbc a carregar cabeçalhos do Linux comprometidos caso seja necessário extrair cabeçalhos do kernel e estes não sejam fornecidos por padrão. Isso pode ocorrer porque o bpftrace tenta carregar os cabeçalhos a partir de um diretório temporário. As distribuições Linux que fornecem cabeçalhos do kernel por padrão não são afetadas. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** AccountsService (versões afetadas não especificadas) **Descrição** O problema está relacionado a um controle de acesso insuficiente no AccountsService do sistema operacional Ubuntu. Isso pode permitir que um invasor provoque uma negação de serviço. O problema é que o AccountsService não reduz mais as permissões ao gravar o arquivo .pam environment. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Smokeping versions prior to 2.6.9 **Description** The issue is related to an incomplete fix for a previously identified problem, leading to a potential security concern. **Recommendations** For versions prior to 2.6.9, update to version 2.6.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LXD versions prior to 0.19-0ubuntu5 **Description** The issue arises from a race condition between `chown` and `chmod` operations during a container filesystem shift. This could allow an attacker to change the mode of any file on the system, rather than the expected path, by creating a symbolic link in a specific window. The `doUidshiftIntoContainer()` function has an unsafe `Chmod()` call that races against the stat in the `Filepath.Walk()` function. **Recommendations** For versions prior to 0.19-0ubuntu5, update to version 0.19-0ubuntu5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `doUidshiftIntoContainer()` function until a patch is available. Avoid using the `Chmod()` call in the affected `Filepath.Walk()` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** thermald (affected versions not specified) **Description** The issue allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid, potentially leading to unauthorized data modification. This is due to a flaw in the main function in android main.cpp. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: spice-vdagent versions up to and including 0.17.0 Description: The issue allows a local attacker with access to the session the agent runs in to inject arbitrary commands to be executed, due to the spice-vdagent not properly escaping the save directory before passing it to the shell. Recommendations: For spice-vdagent versions up to and including 0.17.0, update to a version later than 0.17.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IPPUSBXD versions prior to 1.22 **Description** The issue allows remote attackers to obtain access to USB connected printers via a direct request, as IPPUSBXD listens on all interfaces. **Recommendations** For versions prior to 1.22, update to version 1.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache Axis2/C (affected versions not specified) **Description** The issue concerns a failure to verify the server hostname against the domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate. This allows attackers to spoof SSL servers by using any valid certificate, potentially leading to man-in-the-middle attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** shadow versions prior to 4.5 **Description** The issue is related to the newusers tool in the shadow utility, which can be manipulated with malformed input, leading to crashes or unspecified behaviors due to buffer overflow or memory corruption. This can cross a privilege boundary, particularly in web-hosting environments where an unprivileged user can create subaccounts through a Control Panel. The exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For shadow versions prior to 4.5, consider restricting access to the newusers tool to prevent unintended manipulation of internal data structures until a fixed version is available. As a temporary workaround, limit the creation of subaccounts in web-hosting environments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Django versions 1.4 through 1.4.12 Django versions 1.5 through 1.5.7 Django versions 1.6 through 1.6.4 Django versions 1.7 before 1.7b4 **Description** The issue allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers, due to the improper inclusion of the `Vary: Cookie` or `Cache-Control` header in responses. **Recommendations** For Django versions 1.4 through 1.4.12, update to version 1.4.13 or later. For Django versions 1.5 through 1.5.7, update to version 1.5.8 or later. For Django versions 1.6 through 1.6.4, update to version 1.6.5 or later. For Django versions 1.7 before 1.7b4, update to version 1.7b4 or later.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 1.5.2 **Description** The issue concerns multiple vulnerabilities in the OpenJPEG package, which can be exploited remotely. This exploitation may lead to a breach of confidentiality, integrity, and availability of protected information. Technical details include a stack-based buffer overflow in OpenJPEG before version 1.5.2, allowing remote attackers to have an unspecified impact via unknown vectors to files such as `lib/openjp3d/opj jp3d compress.c`, `bin/jp3d/convert.c`, or `lib/openjp3d/event.c`. **Recommendations** For OpenJPEG versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components until a patch is applied.