Javier Fernandez-Sanguino Pena

**Name of the Vulnerable Software and Affected Versions** jailer version 0.4 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/#####.updatejail temporary file created by the updatejail function in jailer. **Recommendations** For jailer version 0.4, consider restricting access to the updatejail function until a patch is available to prevent local users from overwriting arbitrary files. As a temporary workaround, avoid using the updatejail function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** f2c package version 3.1 **Description** The issue allows local users to read arbitrary files via a symlink attack on temporary files. Multiple vulnerabilities in the f2c package may lead to a breach of protected information, and exploitation can be carried out by a local attacker. **Recommendations** For f2c package version 3.1, consider restricting access to temporary files to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DBI library (libdbi-perl) for Perl (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 3.x and earlier MySQL versions 4.0.23 and earlier MySQL versions 4.1.x before 4.1.10 MySQL versions 5.0.x before 5.0.3 **Description** The issue allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files created by the mysqlaccess script. **Recommendations** For MySQL versions 3.x and earlier, update to a version later than 3.x to resolve the issue. For MySQL versions 4.0.23 and earlier, update to a version later than 4.0.23 to resolve the issue. For MySQL versions 4.1.x before 4.1.10, update to version 4.1.10 or later to resolve the issue. For MySQL versions 5.0.x before 5.0.3, update to version 5.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** vdr versions prior to 1.2.6 **Description** The issue concerns multiple vulnerabilities in the vdr package of the Debian GNU/Linux operating system, which can lead to a breach of protected information integrity. These vulnerabilities can be exploited remotely. The problem is related to the insecure creation of files, allowing attackers to overwrite arbitrary files. **Recommendations** For versions prior to 1.2.6, update to version 1.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Avoid using the vulnerable package until the issue is resolved.