Bill Allombert

Name of the Vulnerable Software and Affected Versions: libapache2-svn version 1.3.0-4 Description: The issue is related to an untrusted search path vulnerability in libapache2-svn for Subversion in Debian GNU/Linux. This vulnerability involves RPATH values under the /tmp/svn directory for the (1) mod authz svn.so and (2) mod dav svn.so modules. It might allow local users to gain privileges by installing malicious libraries in that directory. Recommendations: For libapache2-svn version 1.3.0-4, consider restricting access to the /tmp/svn directory to prevent local users from installing malicious libraries. As a temporary workaround, restrict the use of the mod authz svn.so and mod dav svn.so modules until a patch is available.

Name of the Vulnerable Software and Affected Versions: libgpib-perl version 3.2.06-2 Description: The issue is related to an untrusted search path vulnerability. It involves the LinuxGpib.so module having an RPATH value under the /tmp/buildd directory. This could potentially allow local users to gain privileges by installing malicious libraries in that directory. Recommendations: For libgpib-perl version 3.2.06-2, consider restricting access to the /tmp/buildd directory to prevent local users from installing malicious libraries. As a temporary workaround, avoid using the LinuxGpib.so module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libtunepimp-perl version 0.4.2-1 Description: The issue is related to an untrusted search path vulnerability. It involves the tunepimp.so module having an RPATH value under the /tmp/buildd directory. This could potentially allow local users to gain privileges by installing malicious libraries in that directory. Recommendations: For libtunepimp-perl version 0.4.2-1, consider restricting access to the /tmp/buildd directory to prevent malicious library installations until a fix is available.

**Name of the Vulnerable Software and Affected Versions** amaya version 9.2.1 **Description** The issue allows local users to gain privileges via a malicious library. **Recommendations** For amaya version 9.2.1, consider restricting access to the vulnerable library path to minimize the risk of exploitation.