Filippo Bonazzi

**Name of the Vulnerable Software and Affected Versions** openSUSE Factory sendmail versions prior to 8.17.1-1.1 **Description** A local attacker can exploit an Improper Link Resolution Before File Access issue, also known as 'Link Following', in a script used by the sendmail systemd service to escalate privileges from user mail to root. **Recommendations** For openSUSE Factory sendmail versions prior to 8.17.1-1.1, update to version 8.17.1-1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Grommunio Gromox versions 0.5 through 1.x before 1.28 **Description** The issue is related to weak permissions on the configuration file in the PAM module, allowing a local unprivileged user in the gromox group to execute arbitrary code upon loading the Gromox PAM module. **Recommendations** For versions 0.5 through 1.x before 1.28, update to version 1.28 or later to resolve the issue.