Andreas Stieger

**Name of the Vulnerable Software and Affected Versions** TigerVNC versions prior to 1.11.0 **Description** The issue is related to the mishandling of TLS certificate exceptions in TigerVNC. Viewers store the certificates as authorities, allowing the owner of a certificate to impersonate any server after a client has added an exception. This could enable a remote attacker to access and compromise confidential data. **Recommendations** For TigerVNC versions prior to 1.11.0, update to version 1.11.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of TLS certificate exceptions in the viewer until a patch is available. Restrict access to sensitive data and servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GnuPG versions 2.2.21 through 2.2.22 Gpg4win version 3.1.12 **Description** The issue is caused by an array overflow in the g10/key-check.c file, leading to a crash or possibly unspecified other impact when a victim imports an attacker's OpenPGP key with AEAD preferences. **Recommendations** For GnuPG versions 2.2.21 and 2.2.22, update to version 2.2.23 to resolve the issue. For Gpg4win version 3.1.12, update to a version that includes the fix for GnuPG, such as GnuPG 2.2.23. As a temporary workaround, consider avoiding the import of OpenPGP keys with AEAD preferences until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: open build service versions prior to 20170320 Description: The issue allows reading of files outside of the package source directory during build, potentially leading to leakage of private information. This is due to the bs worker code following relative symlinks. Recommendations: For versions prior to 20170320, update to a version 20170320 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ALT Linux (affected versions not specified) Description: General information about the issue is not provided, except that it concerns a package vulnerability in ALT Linux. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** A buffer overflow issue exists in the git pkt parse line function in transports/smart pkt.c, which is part of the Git Smart Protocol support in libgit2. This issue allows remote attackers to have an unspecified impact via a crafted non-flush packet. **Recommendations** For libgit2 versions prior to 0.24.6, update to version 0.24.6 or later. For libgit2 versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** The issue allows remote attackers to cause a denial of service due to a NULL pointer dereference via an empty packet line in the Git Smart Protocol support. **Recommendations** For versions prior to 0.24.6, update to version 0.24.6 or later. For versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.24.6 libgit2 versions 0.25.x prior to 0.25.1 **Description** The issue concerns the http connect function in transports/http.c, which might allow man-in-the-middle attackers to spoof servers. This is due to the clobbering of the error variable, potentially leading to security issues. **Recommendations** For libgit2 versions prior to 0.24.6, update to version 0.24.6 or later. For libgit2 versions 0.25.x prior to 0.25.1, update to version 0.25.1 or later.

**Name of the Vulnerable Software and Affected Versions** GnuTLS versions prior to 3.3.26 GnuTLS versions 3.5.x prior to 3.5.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-memory error and crash, via a crafted OpenPGP certificate. **Recommendations** For versions prior to 3.3.26, update to version 3.3.26 or later. For versions 3.5.x prior to 3.5.8, update to version 3.5.8 or later.

**Name of the Vulnerable Software and Affected Versions** dracut versions prior to 045 **Description** A local information disclosure issue was found when generating initramfs images with world-readable permissions, particularly when 'early cpio' is used, such as including microcode updates. This allows a local attacker to obtain sensitive information from these files, including encryption keys or credentials. **Recommendations** For dracut versions prior to 045, update to version 045 or later to resolve the issue. As a temporary workaround, consider restricting access to initramfs images generated with 'early cpio' to minimize the risk of exploitation. Avoid using world-readable permissions when generating these images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 2.7.12 **Description** The issue concerns a variable name clash in a CGI script, potentially allowing a remote attacker to redirect HTTP requests. This is related to the `HTTP PROXY` variable. **Recommendations** For versions prior to 2.7.12, consider updating to version 2.7.12 or later to resolve the issue. As a temporary workaround, restrict access to CGI scripts that use the `HTTP PROXY` variable until a patch is applied. Avoid using the `HTTP PROXY` variable in affected CGI scripts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** A race condition exists in the `rds sendmsg` function, allowing local users to cause a denial of service, potentially resulting in a system crash, by utilizing a socket that was not properly bound. This issue is a result of an incomplete fix for a previous problem. **Recommendations** For Linux kernel versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rds sendmsg` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ceph-deploy versions prior to 1.5.25 **Description** The issue concerns the admin command in ceph-deploy, which uses world-readable permissions for the `/etc/ceph/ceph.client.admin.keyring` file. This allows local users to obtain sensitive information by reading the file. **Recommendations** For versions prior to 1.5.25, update to version 1.5.25 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the `/etc/ceph/ceph.client.admin.keyring` file to restrict access until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** ceph-deploy versions prior to 1.5.23 **Description** The issue allows local users to obtain sensitive information by reading the `ceph/ceph.client.admin.keyring` file due to weak permissions (644) used by ceph-deploy. **Recommendations** For versions prior to 1.5.23, update to version 1.5.23 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the `ceph/ceph.client.admin.keyring` file to restrict access until a patch is applied.