Warren Togami

**Name of the Vulnerable Software and Affected Versions** Perl version 5.10.1 **Description** The issue is related to errors in resource release in the Perl programming language interpreter. It may allow a remote attacker to cause a denial of service. Specifically, the problem arises when a UTF-8 character with a large, invalid codepoint is not properly handled during a regular-expression match, potentially leading to an application crash. **Recommendations** For Perl version 5.10.1, consider disabling the use of UTF-8 characters with large codepoints in regular expressions until a patch is available. As a temporary workaround, restrict the input of UTF-8 characters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.23.10 **Description** The issue is related to an integer overflow in the `hrtimer start` function, which can be exploited by local users to execute arbitrary code or cause a denial of service, resulting in a system panic. This can be achieved by providing a large relative timeout value. **Recommendations** For Linux kernel versions prior to 2.6.23.10, update to version 2.6.23.10 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: dircproxy versions 1.2.0 and earlier Description: The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, by sending an ACTION command without a parameter. This triggers a NULL pointer dereference. An example of this is sending a blank /me message from irssi. Recommendations: For dircproxy versions 1.2.0 and earlier, as a temporary workaround, consider disabling the handling of ACTION commands without parameters until a patch is available.