Spanky

**Name of the Vulnerable Software and Affected Versions** Sun xVM VirtualBox versions 2.0.0 through 2.1.4 **Description** The issue allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT RPATH:$ORIGIN. **Recommendations** For versions 2.0.0 through 2.1.4, consider restricting access to the setuid/setgid bits to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mpeg-tools versions prior to 1.5b-r2 **Description** The issue allows local users to overwrite arbitrary files via insecure creation of multiple temporary files, including those named ts.stat, ts.mpg, foobar, blockbar, or foobar[NNN]. **Recommendations** For versions prior to 1.5b-r2, update to version 1.5b-r2 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary file creation process to minimize the risk of exploitation.