Javier Fernández-Sanguino Peña

**Name of the Vulnerable Software and Affected Versions** antiword versions 0.35 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary output and error files used by the kantiword and gantiword scripts. **Recommendations** For antiword versions 0.35 and earlier, consider restricting access to the kantiword and gantiword scripts until a patch is available. As a temporary workaround, avoid using these scripts with temporary files in untrusted environments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tux Paint versions 0.9.14 and earlier **Description** The issue concerns multiple vulnerabilities in the tuxpaint-data package of the Debian GNU/Linux operating system, which can lead to breaches of confidentiality, integrity, and availability of protected information. A local attacker can exploit these vulnerabilities. Additionally, the tuxpaint-import.sh script in Tux Paint creates temporary files insecurely. **Recommendations** For Tux Paint versions 0.9.14 and earlier, consider restricting access to the tuxpaint-import.sh script until a secure version is available. As a temporary workaround, consider disabling the creation of temporary files by the tuxpaint-import.sh script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.9 through 2.16.10 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by the shadow database feature (syncshadowdb). **Recommendations** For Bugzilla versions 2.9 through 2.16.10, consider disabling the syncshadowdb feature until a patch is available to prevent exploitation. Restrict access to temporary files used by this feature to minimize the risk of arbitrary file overwrites.

**Name of the Vulnerable Software and Affected Versions** tkdiff versions prior to 4.1.1 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be exploited by a local attacker. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to temporary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Inkscape versions prior to 0.41 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `tmpepsifile.epsi` temporary file, which is created by the ps2epsi extension shell script `ps2epsi.sh`. **Recommendations** For versions prior to 0.41, update to version 0.41 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ps2epsi.sh` script until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Acme thttpd versions prior to 2.23 **Description** The issue allows local users to write arbitrary files via a symlink attack on a temporary file. This is related to the syslogtocern functionality in Acme thttpd. **Recommendations** For versions prior to 2.23, update to version 2.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the syslogtocern functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mgdiff version 1.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files created by the viewpatch in mgdiff. **Recommendations** For mgdiff version 1.0, consider restricting access to the viewpatch functionality until a fix is available, and avoid using it to process untrusted input.

**Name of the Vulnerable Software and Affected Versions** HylaFax versions 4.2.1 and earlier **Description** The issue allows local users to potentially read faxes and cause a denial of service by creating a UNIX domain socket using the hyla.unix temporary file, as the software does not properly create or verify ownership of this socket. **Recommendations** For HylaFax versions 4.2.1 and earlier, consider restricting access to the hyla.unix temporary file to prevent unauthorized creation of the UNIX domain socket until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** vim version 6.3 **Description** The issue allows local users to overwrite or create arbitrary files via a symlink attack on temporary files used by the tcltags or vimspell.sh scripts. **Recommendations** For vim version 6.3, consider restricting access to the tcltags and vimspell.sh scripts until a patch is available, or avoid using these scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** debmake versions 3.6.x through 3.6.9 debmake versions 3.7.x through 3.7.6 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary directories. Multiple vulnerabilities in the debmake package of the Debian GNU/Linux operating system can be exploited by a local attacker, potentially leading to a breach of protected information integrity. **Recommendations** For debmake versions 3.6.x through 3.6.9, update to version 3.6.10 or later. For debmake versions 3.7.x through 3.7.6, update to version 3.7.7 or later.

Name of the Vulnerable Software and Affected Versions: groff version 1.18.1 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files, specifically affecting the eqn2graph and pic2graph scripts. Recommendations: For groff version 1.18.1, consider restricting access to the eqn2graph and pic2graph scripts until a patch is available, or apply configuration changes to prevent symlink attacks on temporary files.

Name of the Vulnerable Software and Affected Versions: apache-utils version 1.3.31 Description: The issue allows local users to overwrite or create arbitrary files via a symlink attack on temporary files used by the check forensic script in the apache-utils package. Recommendations: For apache-utils version 1.3.31, consider restricting access to the check forensic script until a patch is available, or apply configuration changes to prevent symlink attacks on temporary files.

**Name of the Vulnerable Software and Affected Versions** aStats version 1.6.5 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on certain files, including the aStats-Graphic-Signature-Generation file and specific PNG image files. **Recommendations** For version 1.6.5, consider restricting access to the affected files to prevent a symlink attack until a patch is available. As a temporary workaround, avoid using the `aStats-Graphic-Signature-Generation` file and certain PNG image files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: a2ps versions prior to 4.13 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files created by the fixps and psmandup scripts. Recommendations: For versions prior to 4.13, update to version 4.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** dhis-tools-dns versions prior to 5.0 **Description** The issue affects the dhis-tools-dns package, allowing local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh scripts. This can lead to a violation of protected information integrity. The exploitation can be carried out by a local attacker. **Recommendations** For versions prior to 5.0, update to version 5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the register-q.sh and register-p.sh scripts until a patch is available. Avoid using these scripts in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** lm-sensors versions prior to 2.9.1 libsensors3 (affected versions not specified) libsensors-dev (affected versions not specified) lm-sensors-2.4.27-2-386 (affected versions not specified) lm-sensors-2.4.27-2-586tsc (affected versions not specified) lm-sensors-2.4.27-2-686 (affected versions not specified) lm-sensors-2.4.27-2-686-smp (affected versions not specified) lm-sensors-2.4.27-2-k6 (affected versions not specified) lm-sensors-2.4.27-2-k7 (affected versions not specified) lm-sensors-2.4.27-2-k7-smp (affected versions not specified) kernel-patch-2.4-lm-sensors (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the lm-sensors package of the Debian GNU/Linux operating system, which can lead to the compromise of protected information. These vulnerabilities can be exploited by a local attacker. Specifically, the pwmconfig in LM sensors before version 2.9.1 creates temporary files insecurely, allowing local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file. **Recommendations** For lm-sensors versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue. For libsensors3, libsensors-dev, lm-sensors-2.4.27-2-386, lm-sensors-2.4.27-2-586tsc, lm-sensors-2.4.27-2-686, lm-sensors-2.4.27-2-686-smp, lm-sensors-2.4.27-2-k6, lm-sensors-2.4.27-2-k7, lm-sensors-2.4.27-2-k7-smp, and kernel-patch-2.4-lm-sensors, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** kdeedu versions 3.0 through 3.4.2 kdeedu-doc-html (affected versions not specified) kdeedu-data (affected versions not specified) libkdeedu1 (affected versions not specified) libkdeedu-dev (affected versions not specified) **Description** The issue involves multiple vulnerabilities in the kdeedu package of the Debian GNU/Linux operating system, which can lead to a breach of protected information integrity. These vulnerabilities can be exploited remotely. Additionally, a specific vulnerability in langen2kvtml, part of KDE 3.0 to 3.4.2, creates insecure temporary files in /tmp with predictable names, allowing local users to overwrite arbitrary files. **Recommendations** For kdeedu versions 3.0 through 3.4.2: Update to a version outside of this range to mitigate the risk. For kdeedu-doc-html: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For kdeedu-data: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For libkdeedu1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For libkdeedu-dev: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cfengine versions 1.6.5 through 2.1.16 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in. This can lead to a disruption of protected information integrity. The exploitation of the issue can be carried out by a local attacker. **Recommendations** For versions 1.6.5 through 2.1.16, consider restricting access to the vicf.in file to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vicf.in file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** cfengine version 1.6.5 **Description** The issue concerns multiple vulnerabilities in the cfengine package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the integrity of protected information. Specifically, the cfmailfilter and cfcron.in files for cfengine 1.6.5 are vulnerable to a symlink attack on temporary files, allowing local users to overwrite arbitrary files. **Recommendations** For version 1.6.5, consider restricting access to the cfmailfilter and cfcron.in files to prevent local users from exploiting the vulnerability. As a temporary workaround, consider disabling the `cfmailfilter` and `cfcron.in` files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.