Florian Zumbiehl

**Name of the Vulnerable Software and Affected Versions** Chicken versions prior to 4.9.0 **Description** The issue is related to an OS command injection vulnerability in the `qs` procedure from the `utils` module. **Recommendations** For versions prior to 4.9.0, update to version 4.9.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel-image versions 2.4.27-4-386 through 2.4.27-4-k7-smp Debian GNU/Linux kernel-headers versions 2.4.27-4-386 through 2.4.27-4-k7-smp Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-386 through 2.4.27-4-k7-smp Debian GNU/Linux pcmcia-modules versions 2.4.27-4-386 through 2.4.27-4-k7-smp SUSE Linux Enterprise kernel-default versions (affected versions not specified) openSUSE kernel-default versions (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in various Linux kernel packages, which can lead to a disruption of protected information availability. These vulnerabilities can be exploited remotely. The affected packages include kernel-image, kernel-headers, kernel-pcmcia-modules, and pcmcia-modules for Debian GNU/Linux, as well as kernel-default for SUSE Linux Enterprise and openSUSE. The exploitation of these vulnerabilities can result in a denial of service (memory consumption) by creating a socket using connect and releasing it before the PPPIOCGCHAN ioctl is initialized. **Recommendations** For Debian GNU/Linux kernel-image versions 2.4.27-4-386 through 2.4.27-4-k7-smp, update to a newer version that contains a fix for this issue. For Debian GNU/Linux kernel-headers versions 2.4.27-4-386 through 2.4.27-4-k7-smp, update to a newer version that contains a fix for this issue. For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-4-386 through 2.4.27-4-k7-smp, update to a newer version that contains a fix for this issue. For Debian GNU/Linux pcmcia-modules versions 2.4.27-4-386 through 2.4.27-4-k7-smp, update to a newer version that contains a fix for this issue. For SUSE Linux Enterprise kernel-default, update to a newer version that contains a fix for this issue. For openSUSE kernel-default, update to a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the vulnerable kernel modules until a patch is available. Restrict access to the vulnerable kernel modules to minimize the risk of exploitation. Avoid using the affected kernel packages until the issue is resolved.