Alexander Cherepanov

**Name of the Vulnerable Software and Affected Versions** ppmd versions 10.1 through 10.1-5 **Description** A directory traversal issue exists. **Recommendations** For ppmd versions 10.1 through 10.1-5, update to a version that fixes this issue.

**Name of the Vulnerable Software and Affected Versions** ha version 0.999p+dfsg-5 **Description** The issue concerns multiple directory traversal vulnerabilities. **Recommendations** For ha version 0.999p+dfsg-5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.24 **Description** The issue is related to a stack-based buffer overflow in the glob implementation of the GNU C Library. This occurs when GLOB ALTDIRFUNC is used, allowing context-dependent attackers to cause a denial of service, resulting in a crash via a long name. **Recommendations** For versions prior to 2.24, update to version 2.24 or later to resolve the issue. As a temporary workaround, consider avoiding the use of long names when GLOB ALTDIRFUNC is enabled until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40 IBM SSL/TLS implementations (affected versions not specified) **Description** The issue allows remote attackers to affect the integrity and availability of data. It is related to the Tools component in Oracle Java SE. Additionally, a vulnerability in IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections, facilitating brute-force decryption of TLS/SSL traffic using man-in-the-middle techniques. **Recommendations** For Oracle Java SE versions 5.0u81, 6u91, 7u76, and 8u40, update to a version that addresses the issue in the Tools component. For IBM SSL/TLS implementations, restrict the use of RSA temporary keys in non-export RSA key exchange ciphersuites to prevent SSL/TLS connection downgrades. As a temporary workaround, consider disabling the use of RSA temporary keys in RSA key exchange ciphersuites until a patch is available.

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.22 PHP versions prior to 5.4.37 PHP versions 5.5.x prior to 5.5.21 PHP versions 5.6.x prior to 5.6.5 **Description** The issue is related to the readelf.c module in the file component, specifically in the Fileinfo component used by PHP. It involves incomplete reading of available data during a pread call, which can be exploited by a remote attacker. This exploitation can lead to a denial of service due to access to uninitialized memory or potentially have other unspecified impacts on the system. The attack can be carried out using a specially crafted ELF file. **Recommendations** For file versions prior to 5.22, update to version 5.22 or later. For PHP versions prior to 5.4.37, update to version 5.4.37 or later. For PHP versions 5.5.x prior to 5.5.21, update to version 5.5.21 or later. For PHP versions 5.6.x prior to 5.6.5, update to version 5.6.5 or later.

**Name of the Vulnerable Software and Affected Versions** libarchive versions 3.1.2 and earlier **Description** The issue allows remote attackers to write to arbitrary files via a full pathname in an archive. This is due to an absolute path traversal vulnerability in bsdcpio. **Recommendations** For libarchive versions 3.1.2 and earlier, update to a version later than 3.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** cabextract versions prior to 1.6 **Description** The issue allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash, due to improper checking for leading slashes when extracting files. **Recommendations** For versions prior to 1.6, update to version 1.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of cabextract to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** cpio version 2.11 **Description** The issue allows local users to write to arbitrary files via a symlink attack on a file in an archive when the --no-absolute-filenames option is used. **Recommendations** For cpio version 2.11, avoid using the --no-absolute-filenames option until a patch is available. As a temporary workaround, consider restricting access to archives that may contain symlinks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pxz version 4.999.99 Beta 3 **Description** A race condition exists due to weak file permissions for the output file when compressing a file. This allows local users to bypass the intended access restrictions before the permission is changed to match the original file. **Recommendations** For pxz version 4.999.99 Beta 3, consider changing the file permissions manually after compression to match the original file's permissions until a patch is available. As a temporary workaround, restrict access to the output file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** kgb version 1.0b4 **Description** The issue allows remote attackers to write to arbitrary files via a full pathname in a crafted archive, due to an absolute path traversal vulnerability. **Recommendations** For version 1.0b4, consider restricting access to archive processing functionality until a patch is available. As a temporary workaround, avoid using the archive feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pigz version 2.3.1 **Description** The issue allows remote attackers to write to arbitrary files via a full pathname or .. (dot dot) in an archive, potentially leading to unauthorized file access or modification. **Recommendations** For pigz version 2.3.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** pax version 1:20140703 **Description** The issue allows remote attackers to write to arbitrary files via a symlink attack in an archive. **Recommendations** For version 1:20140703, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** pax version 1:20140703 **Description** The issue allows remote attackers to write to arbitrary files via a full pathname or .. (dot dot) in an archive. This is due to multiple directory traversal vulnerabilities. **Recommendations** For version 1:20140703, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** file versions 5.16 through 5.21 **Description** The ELF parser in the file software allows remote attackers to cause a denial of service via a long string. **Recommendations** For versions 5.16 through 5.21, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** file versions 5.08 through 5.21 **Description** The ELF parser in the file software allows remote attackers to cause a denial of service via a large number of notes. **Recommendations** For file versions 5.08 through 5.21, update to a version that contains a fix for this issue.