Alan Cox

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 9.0 through 9.1-RELEASE-p4 **Description** The issue concerns the `vm map lookup` function in the kernel's mmap implementation, which fails to properly determine whether a task should have write access to a memory location. This allows local users to bypass filesystem write permissions and gain privileges by leveraging read permissions through a crafted application that makes `mmap` and `ptrace` system calls. **Recommendations** For FreeBSD versions 9.0 through 9.1-RELEASE-p4, consider restricting access to the `vm map lookup` function until a patch is available. As a temporary workaround, avoid using the `mmap` and `ptrace` system calls in applications that require elevated privileges.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.4.8 **Description** The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This is achieved through an IPOPT CIPSO IP OPTIONS setsockopt system call. The `cipso v4 validate` function in `net/ipv4/cipso ipv4.c` is the vulnerable component. **Recommendations** For Linux kernel versions prior to 3.4.8, update to version 3.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `setsockopt` system call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 2.6.36 Linux kernel versions 2.6.9 **Description** The issue is related to the Linux kernel, specifically the HCI UART driver, where the hci uart tty open function does not verify whether the tty has a write operation. This allows local users to cause a denial of service via vectors related to the Bluetooth driver. Additionally, multiple vulnerabilities have been identified in various Linux kernel packages, including kernel-devel, kernel-doc, kernel-hugemem, kernel-largesmp, and kernel-smp, which can lead to confidentiality, integrity, and availability breaches. These vulnerabilities can be exploited remotely. **Recommendations** For Linux kernel version 2.6.36, consider disabling the hci uart tty open function as a temporary workaround until a patch is available. For Linux kernel versions 2.6.9, restrict access to the vulnerable kernel packages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.34 **Description** A race condition exists in the hvc close function, which can be exploited by local users to cause a denial of service or possibly have other unspecified impacts. This issue is related to the hvc open and hvc remove functions and occurs when closing a Hypervisor Virtual Console device. **Recommendations** For Linux kernel versions prior to 2.6.34, update to version 2.6.34 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Linux versions 2.4 and 2.5 Description: The kernel strncpy function does not %NUL pad the buffer on architectures other than x86, contrary to the expected behavior of strncpy as implemented in libc. This discrepancy could lead to information leaks. Recommendations: For Linux versions 2.4 and 2.5, consider applying a patch or modification to the kernel strncpy function to ensure %NUL padding of the buffer on all architectures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetPBM versions 9.20 and earlier **Description** The issue involves multiple vulnerabilities that can be exploited remotely, potentially leading to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities may cause a denial of service or allow the execution of arbitrary code via maths overflow errors, including integer signedness errors or integer overflows that lead to buffer overflows. **Recommendations** For versions 9.20 and earlier, update to a version later than 9.20 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability for other affected versions.

**Name of the Vulnerable Software and Affected Versions** gtkhtml versions prior to 1.1.10 **Description** The issue is related to multiple vulnerabilities in the gtkhtml package, which can lead to a denial of service (crash) due to a null pointer dereference when a malformed message is processed. This can be exploited remotely, potentially disrupting the availability of protected information. **Recommendations** For versions prior to 1.1.10, update to version 1.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the `gtkhtml` package until a patch is available.