Tomas Hoger

**Name of the Vulnerable Software and Affected Versions** device-mapper-multipath (affected versions not specified) **Description** A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by manipulating the multipath setup, taking advantage of the mishandling of repeated keywords when arithmetic ADD is used instead of bitwise OR. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** IcedTea-Web (versões afetadas não especificadas) **Descrição** A vulnerabilidade permite que um site malicioso contorne as verificações da Política de Mesma Origem (SOP) por meio de um valor falsificado do atributo `codebase`. Isso é possível porque o IcedTea-Web utiliza o atributo codebase da tag <applet> na página HTML que hospeda o applet Java nas verificações da SOP, e o codebase especificado não precisa corresponder à origem real do applet. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Versões do Jasper anteriores à 2.0.26 Descrição: Foi identificada uma falha de desreferência de ponteiro NULL na forma como o Jasper processava referências a componentes na caixa CDEF do decodificador do formato de imagem JP2. Um arquivo de imagem JP2 especialmente criado poderia causar a falha de um aplicativo que utilizasse a biblioteca Jasper ao ser aberto. Recomendações: Para versões do Jasper anteriores à 2.0.26, atualize para a versão 2.0.26 ou posterior para resolver o problema. Como solução temporária, considere evitar o uso de arquivos de imagem JP2 em aplicativos que utilizam a biblioteca Jasper até que um patch seja aplicado.

**Name of the Vulnerable Software and Affected Versions** dhcpv6 project through 2011-07-25 **Description** The issue allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. This is a result of the DHCPv6 client (dhcp6c) not properly sanitizing hostnames received from DHCP messages, allowing an attacker to inject shell metacharacters and execute commands on the client system. **Recommendations** For versions of the dhcpv6 project through 2011-07-25, consider disabling the dhcp6c client until a patch is available to prevent remote execution of arbitrary commands. Restrict access to the dhcp6c client to minimize the risk of exploitation. Avoid using hostnames that may contain shell metacharacters in DHCP messages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ruby193 (affected versions not specified) **Description** The issue is related to an insecure setting of the LD LIBRARY PATH environment variable in ruby193. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xpdf (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash in xpdf-based PDF viewers, due to an infinite loop in the xref table. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tomcat package on Red Hat Enterprise Linux (RHEL) versions 5 through 7 JBoss Web Server version 3.0 JBoss EWS version 2 **Description** The issue is related to weak permissions for certain configuration files, specifically (1) `/etc/sysconfig/tomcat` and (2) `/etc/tomcat/tomcat.conf`. This weakness allows local users to gain privileges by leveraging membership in the `tomcat` group. **Recommendations** For Tomcat package on Red Hat Enterprise Linux (RHEL) versions 5 through 7, consider restricting access to the `/etc/sysconfig/tomcat` and `/etc/tomcat/tomcat.conf` files to prevent local users from gaining privileges. For JBoss Web Server version 3.0, restrict access to the `/etc/sysconfig/tomcat` and `/etc/tomcat/tomcat.conf` files to minimize the risk of exploitation. For JBoss EWS version 2, restrict access to the `/etc/sysconfig/tomcat` and `/etc/tomcat/tomcat.conf` files to prevent local users from gaining privileges.

**Name of the Vulnerable Software and Affected Versions** setroubleshoot versions prior to 3.2.23 **Description** The issue allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name. This is related to executing external commands with the `commands.getstatusoutput` function in the `fix lookup id` function in sealert. **Recommendations** For versions prior to 3.2.23, update to version 3.2.23 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `fix lookup id` function in sealert until a patch is available.

**Name of the Vulnerable Software and Affected Versions** setroubleshoot (affected versions not specified) **Description** The issue allows local users to bypass an intended container protection mechanism and execute arbitrary commands. This can be achieved by triggering an SELinux denial with a crafted file name, handled by the ` set tpath` function, or via a crafted `local id` or `analysis id` field in a crafted XML document to the `run fix` function. The vulnerability is related to the `subprocess.check output` and `commands.getstatusoutput` functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PCRE versions prior to 8.39 PCRE2 versions prior to 10.22 **Description** The issue arises from the `compile branch` function in `pcre compile.c` and `pcre2 compile.c`, which mishandles patterns containing an `(*ACCEPT)` substring in conjunction with nested parentheses. This allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression. The vulnerability has been demonstrated by a JavaScript `RegExp` object encountered by Konqueror. **Recommendations** For PCRE versions prior to 8.39, update to version 8.39 or later to resolve the issue. For PCRE2 versions prior to 10.22, update to version 10.22 or later to resolve the issue. As a temporary workaround, consider restricting the use of nested parentheses in conjunction with `(*ACCEPT)` substrings in regular expressions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenJDK8 versions as packaged in Red Hat Enterprise Linux 6 and 7 **Description** The issue allows local users to write to arbitrary files via a symlink attack on the Hotspot component. **Recommendations** For OpenJDK8 versions as packaged in Red Hat Enterprise Linux 6 and 7, consider restricting access to the Hotspot component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gdk-pixbuf versions prior to 2.31.2 **Description** The issue is related to a buffer overflow in the GIF loader when initializing decompression tables. This occurs due to an input validation flaw, which can be exploited. **Recommendations** For versions prior to 2.31.2, update to version 2.31.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM SDK, Java Technology Edition versions 5.0 before SR16-FP9 IBM SDK, Java Technology Edition versions 6 before SR16-FP3 IBM SDK, Java Technology Edition versions 6R1 before SR8-FP3 IBM SDK, Java Technology Edition versions 7 before SR8-FP10 IBM SDK, Java Technology Edition versions 7R1 before SR2-FP10 **Description** The issue allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. This is part of a broader set of vulnerabilities addressed in Oracle's February 2015 Critical Patch Update. **Recommendations** For IBM SDK, Java Technology Edition version 5.0, update to SR16-FP9 or later. For IBM SDK, Java Technology Edition version 6, update to SR16-FP3 or later. For IBM SDK, Java Technology Edition version 6R1, update to SR8-FP3 or later. For IBM SDK, Java Technology Edition version 7, update to SR8-FP10 or later. For IBM SDK, Java Technology Edition version 7R1, update to SR2-FP10 or later.

**Name of the Vulnerable Software and Affected Versions** ruby-lang ruby (affected versions not specified) **Description** The issue is related to a problem in ruby-lang ruby. No specific details about the nature of the issue or its potential impact are provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 2.7.6 **Description** The issue allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. This occurs when the GNUTLS VERIFY ALLOW X509 V1 CA CRT flag is not enabled, causing version 1 X.509 certificates to be treated as intermediate CAs. **Recommendations** For versions prior to 2.7.6, update to version 2.7.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 5.0u55, 6u65, and 7u45 Java SE Embedded version 7u45 OpenJDK version 7 **Description** The issue affects confidentiality and is related to vectors connected to CORBA. It is noted that Oracle has not commented on claims that the problem is related to an incorrect check for code permissions by CORBA stub factories. **Recommendations** For Oracle Java SE versions 5.0u55, 6u65, and 7u45, update to a version that is not affected by this issue. For Java SE Embedded version 7u45, update to a version that is not affected by this issue. For OpenJDK version 7, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to CORBA-related functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 6u65 and 7u45 Java SE Embedded version 7u45 OpenJDK version 7u45 **Description** The issue affects the integrity of data and is related to the Security component. It allows remote attackers to exploit the vulnerability via unknown vectors. There are claims that the CanonicalizerBase.java in the XML canonicalizer is involved, potentially allowing untrusted code to access mutable byte arrays. However, Oracle has not commented on these claims. **Recommendations** For Oracle Java SE versions 6u65 and 7u45, update to a version that is not affected by this issue. For Java SE Embedded version 7u45, update to a version that is not affected by this issue. For OpenJDK version 7u45, update to a version that is not affected by this issue. As a temporary workaround, consider restricting access to the Security component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 5.0u55, 6u65, and 7u45 JRockit versions R27.7.7 and R28.2.9 Java SE Embedded version 7u45 OpenJDK version 7 **Description** The issue allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. It is reportedly an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding, although Oracle has not commented on this. The vulnerability can be exploited by a remote attacker to disrupt confidentiality and integrity of data using the Beans component. **Recommendations** For Oracle Java SE versions 5.0u55, 6u65, and 7u45, update to a version that is not affected by this issue. For JRockit versions R27.7.7 and R28.2.9, update to a version that is not affected by this issue. For Java SE Embedded version 7u45, update to a version that is not affected by this issue. For OpenJDK version 7, update to a version that is not affected by this issue. As a temporary workaround, consider disabling the Beans component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 5.0u55, 6u65, and 7u45 JRockit versions R27.7.7 and R28.2.9 Java SE Embedded version 7u45 OpenJDK version 7 **Description** The issue affects confidentiality, integrity, and availability via unknown vectors related to 2D. It is reportedly due to incorrect input validation in the ICU Layout Engine, which allows attackers to cause a denial of service or possibly execute arbitrary code via a crafted font file. **Recommendations** For Oracle Java SE versions 5.0u55, 6u65, and 7u45, update to a version that is not affected by this issue. For JRockit versions R27.7.7 and R28.2.9, update to a version that is not affected by this issue. For Java SE Embedded version 7u45, update to a version that is not affected by this issue. For OpenJDK version 7, update to a version that is not affected by this issue. As a temporary workaround, consider disabling the use of crafted font files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions 3.1.x through 3.1.15 GnuTLS versions 3.2.x through 3.2.5 **Description** The issue is caused by an off-by-one error in the `dane raw tlsa` function of the DANE library (libdane) in GnuTLS. This error allows remote servers to cause a denial of service (memory corruption) by sending a response with more than four DANE entries. **Recommendations** For GnuTLS versions 3.1.x through 3.1.15, update to version 3.1.16 or later. For GnuTLS versions 3.2.x through 3.2.5, update to version 3.2.6 or later.