Bernhard Wiedemann

**Name of the Vulnerable Software and Affected Versions** openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef **Description** A Reliance on Untrusted Inputs in a Security Decision issue in the login proxy of the openSUSE Build service allows attackers to present users with an expected login form that sends clear text credentials to an attacker-specified server. **Recommendations** For openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef, update to a version that includes the fix for this issue to prevent attackers from intercepting clear text credentials. As a temporary workaround, consider restricting access to the login proxy until a patch is available.

**Name of the Vulnerable Software and Affected Versions** cups (Common Unix Printing System) (affected versions not specified) **Description** The issue is related to the 'Listen localhost:631' option in cups not being honored correctly, potentially allowing unauthorized access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.