
Enrico Scholz

Rank: #16199 of 53,633
Total CVSS: 16.6
Vulnerabilities: 2 (Medium: 1, High: 1)
PT-2008-4668 · CVSS 10 · 2008-07-21
Newsx · Newsx · CVE-2008-3252

**Name of the Vulnerable Software and Affected Versions** newsx version 1.6

**Description** The issue is a stack-based buffer overflow in the `read_article` function, located in getarticle.c. It occurs when a news article contains a large number of lines starting with a period, allowing remote attackers to execute arbitrary code.

**Recommendations** For newsx version 1.6, consider applying a patch or fix to the `read_article` function to prevent the buffer overflow, or temporarily restrict the processing of news articles with a large number of lines starting with a period until a patch is available.

PT-2007-1429 · CVSS 6.6 · 2007-03-07
Gnu · Libtool-Ltdl · CVE-2006-7151

**Name of the Vulnerable Software and Affected Versions** libtool-ltdl library version 1.5.22-2.3

**Description** The issue is an untrusted search path vulnerability in the libtool-ltdl library. This could potentially allow local users to execute arbitrary code by placing a malicious library in specific subdirectories, including `hwcap`, `0`, and `nosegneg`.

**Recommendations** For libtool-ltdl library version 1.5.22-2.3, consider restricting access to the subdirectories `hwcap`, `0`, and `nosegneg` to prevent malicious library execution until a patch is available.