Dirk Mueller

**Name of the Vulnerable Software and Affected Versions** libzypp versions prior to 17.38.9-1.1 **Description** The `PluginScript` function attempts to use `chroot` to restrict the plugin to the `repoManagerRoot`. In standard configurations or when the `--root` option is used, this root is often set to `/` (the system root). When the chroot target is `/`, the operation has no effect, which allows a traversed path to execute host binaries, such as `/bin/bash`, with root privileges. **Recommendations** Update to version 17.38.9-1.1.

**Name of the Vulnerable Software and Affected Versions** haveged (affected versions not specified) **Description** A privilege escalation issue exists via the command socket. The software verifies the connecting peer's user ID using `SO PEERCRED` and sends a NAK response to non-root callers. However, execution continues after the NAK response is sent, which allows for a local root exploit. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1 SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3 SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1 SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4 SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3 **Description** The issue is related to improper privilege management in crowbar, allowing root users on any crowbar managed node to gain root access on any other node. This is a least privilege violation vulnerability. **Recommendations** For SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, update to a version that includes the fix. For SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, update to a version that includes the fix. For SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, update to a version that includes the fix. For SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, update to a version that includes the fix. For SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, update to a version that includes the fix.

**Name of the Vulnerable Software and Affected Versions** Amarok (affected versions not specified) **Description** The issue is related to the ruby handlers in the Magnatune component, which do not properly quote text in certain contexts. This could potentially include the construction of an unzip command line, allowing attackers to execute arbitrary commands via shell metacharacters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: xdm versions prior to 1.0.4-r1 Description: The issue concerns multiple vulnerabilities in the xdm package, which can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Specifically, the X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges. This might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. Recommendations: For xdm versions prior to 1.0.4-r1, update to version 1.0.4-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the xdm package to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: pdfkit.framework versions prior to the fixed version kdegraphics versions prior to 3.4.3-r4 Description: The issue involves multiple vulnerabilities in the pdfkit.framework package of Debian GNU/Linux and kdegraphics package of Gentoo Linux. These vulnerabilities can be exploited remotely, potentially leading to a breach of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in Splash.cc, as used in xpdf and other products including pdfkit.framework and kdegraphics, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images. Recommendations: For pdfkit.framework, update to a version that contains a fix for this issue. For kdegraphics versions prior to 3.4.3-r4, update to version 3.4.3-r4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable pdfkit.framework and kdegraphics packages until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KDE versions 3.2.x through 3.4.0 **Description** The issue affects the Kate and Kwrite applications, where they do not properly set the same permissions on the backup file as were set on the original file. This could allow local users and possibly remote attackers to obtain sensitive information. **Recommendations** For KDE versions 3.2.x through 3.4.0, consider updating the permissions handling in the Kate and Kwrite applications to match the original file's permissions for backup files, or apply a configuration change to restrict access to sensitive information until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdepim versions 3.1.0 through 3.1.4 **Description** The issue is related to a buffer overflow in the VCF file information reader, which allows attackers to execute arbitrary code via a VCF file. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For versions 3.1.0 through 3.1.4, update to a version outside of this range to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028.

**Name of the Vulnerable Software and Affected Versions** libqt3-mt-dev versions prior to 3.3.8 libqt3c102-mt-ibase versions prior to 3.3.8 qt3-dev-tools versions prior to 3.3.8 libqt3c102-mt-mysql versions prior to 3.3.8 libqt3c102-mt-psql versions prior to 3.3.8 libqt3c102-mt-odbc versions prior to 3.3.8 qt3-designer versions prior to 3.3.8 qt3-dev-tools-embedded versions prior to 3.3.8 libqt3-dev versions prior to 3.3.8 libqt3-mt-psql versions prior to 3.3.8 qt-designer-3.3.3 versions prior to 3.3.8 qt-devel-docs-3.3.6 versions prior to 3.3.8 qt-3.3.6 versions prior to 3.3.8 qt3-examples versions prior to 3.3.8 qt3-qtconfig versions prior to 3.3.8 libqt3c102-mt-sqlite versions prior to 3.3.8 libqt3c102-mt-psql versions prior to 3.3.8 qt-x11-free-dbg versions prior to 3.3.8 libqt3-mt-ibase versions prior to 3.3.8 qt-config-3.3.6 versions prior to 3.3.8 libqt3-compat-headers versions prior to 3.3.8 libqt3c102-ibase versions prior to 3.3.8 qt-designer-3.3.6 versions prior to 3.3.8 qt (versions prior to 3.3.8-r4) libqt3-mt-odbc versions prior to 3.3.8 libqt3-mt versions prior to 3.3.8 qt-devel-3.3.6 versions prior to 3.3.8 libqt3-mt-sqlite versions prior to 3.3.8 libqt3-headers versions prior to 3.3.8 libqt3c102-mt versions prior to 3.3.8 qt3-dev-tools-compat versions prior to 3.3.8 libqt3-mt-mysql versions prior to 3.3.8 qt3-apps-dev versions prior to 3.3.8 qt3-linguist versions prior to 3.3.8 qt-config-3.3.3 versions prior to 3.3.8 qt-devel-3.3.3 versions prior to 3.3.8 qt-3.3.3 versions prior to 3.3.8 qt3-doc versions prior to 3.3.8 libqt3c102 versions prior to 3.3.8 libqt3c102-odbc versions prior to 3.3.8 **Description** The issue is related to multiple vulnerabilities in various Qt packages, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. According to the information provided, the vulnerabilities are present in various Qt packages, including libqt3-mt-dev, libqt3c102-mt-ibase, qt3-dev-tools, and others. The exploitation of these vulnerabilities can result in a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. **Recommendations** For each affected version, update to a version 3.3.8 or later to resolve the issue. As a temporary workaround, consider disabling the `QUtf8Decoder::toUnicode` function until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.