Christian Heimes

**Name of the Vulnerable Software and Affected Versions** urllib3 versions prior to 1.24.2 **Description** The issue is related to the mishandling of certain cases where the desired set of CA certificates is different from the OS store of CA certificates, resulting in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the `ssl context`, `ca certs`, or `ca certs dir` argument. The vulnerability may allow a remote attacker to establish an SSL connection despite certificate verification errors. **Recommendations** For versions prior to 1.24.2, update to version 1.24.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ssl context`, `ca certs`, or `ca certs dir` argument until a patch is available.

**Name of the Vulnerable Software and Affected Versions** sssd versions 1.13.0 through 1.99.99 (since 2.0.0 is the first version not affected, it implies versions before 2.0.0 are vulnerable) **Description** The issue concerns improper restriction of access to the infopipe based on the `allowed uids` configuration parameter. This could lead to the disclosure of sensitive information stored in the user directory to local attackers. **Recommendations** For sssd versions 1.13.0 through 1.99.99, update to version 2.0.0 or later to properly restrict access to the infopipe according to the `allowed uids` configuration parameter.

**Name of the Vulnerable Software and Affected Versions** LibreSSL versions 2.7.0 **Description** The issue arises from the `int x509 param set hosts` function in `lib/libcrypto/x509/x509 vpm.c`, which fails to handle a specific special case of a zero name length. This oversight leads to the silent omission of hostname verification, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For LibreSSL version 2.7.0, update to version 2.7.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Plone versions prior to 4.2.3 Plone versions 4.3 prior to beta 1 **Description** The issue allows remote attackers to obtain random numbers and derive the PRNG state for password resets. This could potentially be used to gain unauthorized access. **Recommendations** For Plone versions prior to 4.2.3, update to version 4.2.3 or later. For Plone versions 4.3 prior to beta 1, update to beta 1 or later.

**Name of the Vulnerable Software and Affected Versions** Zope versions prior to 2.13.19 Plone versions prior to 4.2.3 Plone versions 4.3 before beta 1 **Description** The issue makes it easier for remote attackers to guess the value of the pseudo-random number generator (PRNG) via unspecified vectors, due to the PRNG not being reseeded. **Recommendations** For Zope versions prior to 2.13.19, update to version 2.13.19 or later. For Plone versions prior to 4.2.3, update to version 4.2.3 or later. For Plone versions 4.3 before beta 1, update to beta 1 or later.

**Name of the Vulnerable Software and Affected Versions** Zope versions prior to 2.13.19 Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 **Description** The issue allows remote attackers to obtain passwords due to timing discrepancies in password validation. This is related to the AccessControl/AuthEncoding.py component in Zope. **Recommendations** For Zope versions prior to 2.13.19, update to version 2.13.19 or later. For Plone versions prior to 4.2.3, update to version 4.2.3 or later. For Plone version 4.3 before beta 1, update to beta 1 or later.

**Name of the Vulnerable Software and Affected Versions** Python versions 3.4 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, via a crafted HTTP request. This is due to a problem in the gzip decode function within the xmlrpc client library. **Recommendations** For versions 3.4 and earlier, consider disabling the `gzip decode` function as a temporary workaround until a patch is available. Restrict access to the xmlrpc client library to minimize the risk of exploitation. Avoid using the xmlrpc client library with untrusted HTTP requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** pyOpenSSL versions prior to 0.13.1 **Description** The issue arises from the improper handling of a `0` character in a domain name within the Subject Alternative Name field of an X.509 certificate by the X509Extension in pyOpenSSL. This allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. **Recommendations** For pyOpenSSL versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the acceptance of certificates with domain names containing the `0` character in the Subject Alternative Name field.