Thoger

**Name of the Vulnerable Software and Affected Versions** ruby193 (affected versions not specified) **Description** The issue is related to an insecure setting of the LD LIBRARY PATH environment variable in ruby193. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Snoopy (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary commands. This is a result of an incomplete fix for a previous security issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.42 PHP versions 5.5.x prior to 5.5.26 PHP versions 5.6.x prior to 5.6.10 **Description** The issue is related to the lack of checking for `%00` sequences in path names, which can be exploited by a remote attacker to read or write to arbitrary files. This can be achieved by providing specially crafted input to an application that uses the `DOMDocument` save method or the `GD` `imagepsloadfont` function. For example, an attack using a filename like `filename0.html` could bypass intended configuration restrictions, such as only allowing clients to write to `.html` files. **Recommendations** For PHP versions prior to 5.4.42, update to version 5.4.42 or later. For PHP versions 5.5.x prior to 5.5.26, update to version 5.5.26 or later. For PHP versions 5.6.x prior to 5.6.10, update to version 5.6.10 or later. As a temporary workaround, consider restricting the use of the `DOMDocument` save method and the `GD` `imagepsloadfont` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.41 PHP versions 5.5.x prior to 5.5.25 PHP versions 5.6.x prior to 5.6.9 **Description** The issue is related to an error in handling file paths containing the x00 character. This can allow a remote attacker to gain unauthorized access to files or directories. The vulnerability can be exploited by providing a crafted argument to functions such as `set include path`, `tempnam`, `rmdir`, or `readlink`. **Recommendations** For PHP versions prior to 5.4.41, update to version 5.4.41 or later. For PHP versions 5.5.x prior to 5.5.25, update to version 5.5.25 or later. For PHP versions 5.6.x prior to 5.6.9, update to version 5.6.9 or later.

**Name of the Vulnerable Software and Affected Versions** Jinja2 version 2.7.2 Jinja2 versions prior to 2.7.2 **Description** The FileSystemBytecodeCache in Jinja2 does not properly create temporary directories, allowing local users to gain privileges by pre-creating a temporary directory with a user's uid. This issue exists due to an incomplete fix for a previous problem. **Recommendations** For Jinja2 version 2.7.2, update to a version that properly fixes the temporary directory creation issue. For Jinja2 versions prior to 2.7.2, update to version 2.7.2 or later to ensure proper temporary directory creation. As a temporary workaround, consider restricting access to the FileSystemBytecodeCache to minimize the risk of exploitation.