
Stefan Bühler

#26782de 53,635
CVSS total: 9.4
Vulnerabilities: 2 (Low: 1, High: 1)
PT-2016-7335 · CVSS 7.5 · 2016-09-09 · Gnu · Gnutls · CVE-2016-7444
**Name of the Vulnerable Software and Affected Versions**
GnuTLS versions prior to 3.4.15; GnuTLS 3.5.x versions prior to 3.5.4

**Description**
The `gnutls_ocsp_resp_check_crt` function does not verify the length of the serial number in an OCSP response before comparing it with the certificate's serial number. As a result, an OCSP response can be accepted as applying to a certificate it does not actually match, which may allow a remote attacker to bypass the intended certificate validation via vectors involving trailing bytes left by `gnutls_malloc`.

**Recommendations**
For GnuTLS versions prior to 3.4.15, update to version 3.4.15 or later. For GnuTLS 3.5.x versions prior to 3.5.4, update to version 3.5.4 or later.
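The following C is an added illustration, not code from GnuTLS: it models the class of defect described above, a serial-number comparison whose `memcmp` length is never checked against the other serial's length, next to a strict version that requires equal lengths first. The serial values are constructed and the function names are hypothetical; the exact GnuTLS code path is not reproduced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative only (not GnuTLS's implementation). A certificate serial and
 * the serial carried in an OCSP SingleResponse are both DER INTEGER contents
 * of arbitrary length, so a match must compare lengths as well as bytes. */

/* Weak pattern: only the response serial's length drives memcmp, so a
 * response whose serial is a prefix of the certificate's serial "matches".
 * (Comparing over cert_len instead would over-read the shorter buffer.) */
static bool serial_matches_weak(const uint8_t *resp_serial, size_t resp_len,
                                const uint8_t *cert_serial, size_t cert_len)
{
    if (resp_len > cert_len)
        return false;               /* keep memcmp within cert_serial */
    return memcmp(resp_serial, cert_serial, resp_len) == 0;
}

/* Hardened pattern: lengths must be identical before any byte comparison. */
static bool serial_matches_strict(const uint8_t *resp_serial, size_t resp_len,
                                  const uint8_t *cert_serial, size_t cert_len)
{
    if (resp_len == 0 || resp_len != cert_len)
        return false;
    return memcmp(resp_serial, cert_serial, cert_len) == 0;
}

/* Constructed sample data (hypothetical values, not from any real
 * certificate): the response serial is a strict prefix of the cert serial. */
static const uint8_t CERT_SERIAL[] = {0x04, 0x5f, 0x1a, 0xc3, 0x9e, 0x22, 0x7b, 0x10};
static const uint8_t SHORT_RESP_SERIAL[] = {0x04, 0x5f, 0x1a};

/* Returns 1 when the weak check wrongly accepts the prefix serial while the
 * strict check rejects it, i.e. when the defect is demonstrated. */
int demo_prefix_serial_accepted(void)
{
    bool weak = serial_matches_weak(SHORT_RESP_SERIAL, sizeof SHORT_RESP_SERIAL,
                                    CERT_SERIAL, sizeof CERT_SERIAL);
    bool strict = serial_matches_strict(SHORT_RESP_SERIAL, sizeof SHORT_RESP_SERIAL,
                                        CERT_SERIAL, sizeof CERT_SERIAL);
    return (weak && !strict) ? 1 : 0;
}

int main(void)
{
    printf("weak check accepts a prefix serial: %s\n",
           demo_prefix_serial_accepted() ? "yes" : "no");
    return 0;
}
```

The general lesson is the one the advisory implies: whenever two variable-length identifiers are compared with `memcmp`, the length check has to come first, and it has to be an equality check, not merely a bound that keeps the read in range.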
PT-2013-3133 · CVSS 1.9 · 2013-03-21 · Lighttpd · Lighttpd · CVE-2013-1427
**Name of the Vulnerable Software and Affected Versions**
lighttpd versions prior to 1.4.28

**Description**
The configuration file for lighttpd's FastCGI PHP support creates the PHP control socket under a predictable name in /tmp. Because /tmp is writable by every local user, a local user can hijack that socket via a symlink attack or by racing its creation, and then perform unauthorized actions such as forcing the use of a different version of PHP.

**Recommendations**
For versions prior to 1.4.28, update to version 1.4.28 or later. As a temporary workaround, configure the FastCGI socket path outside /tmp, in a directory owned by and writable only by the web server user, so that other local users cannot pre-create or replace the socket path.
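As an added configuration illustration (not the page's text and not lighttpd's shipped configuration file), the weak socket setting next to a corrected one. The `bin-path`, the `/var/run/lighttpd` directory and the `www-data` user are assumptions for this example.

```lighttpd
# Weak pattern: a fixed, guessable socket name in the world-writable /tmp.
# Any local user can pre-create or symlink this path before lighttpd does.
fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket"   => "/tmp/php.socket",
)))

# Corrected pattern: the socket lives in a directory created for the server
# user only (assumed here: /var/run/lighttpd, owner www-data, mode 0750), so
# other local users can neither plant a symlink nor race its creation.
fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket"   => "/var/run/lighttpd/php.socket",
)))
```

The directory must exist with the right owner and mode before lighttpd starts; a restrictive socket path in a directory that is itself world-writable gains nothing.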