Max Justicz

**Name of the Vulnerable Software and Affected Versions** dpkg versions prior to 1.21.8 dpkg versions prior to 1.20.10 dpkg versions prior to 1.19.8 dpkg versions prior to 1.18.26 **Description** The issue is related to a directory traversal vulnerability in the Dpkg::Source::Archive component of the Debian package management system. This vulnerability can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. The vulnerability occurs when extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, leading to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. **Recommendations** For versions prior to 1.21.8, update to version 1.21.8 or later. For versions prior to 1.20.10, update to version 1.20.10 or later. For versions prior to 1.19.8, update to version 1.19.8 or later. For versions prior to 1.18.26, update to version 1.18.26 or later.

**Name of the Vulnerable Software and Affected Versions** Fossil versions prior to 2.10.2 Fossil versions 2.11.x prior to 2.11.2 Fossil versions 2.12.x prior to 2.12.1 **Description** The issue allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. **Recommendations** For versions prior to 2.10.2, update to version 2.10.2 or later. For versions 2.11.x prior to 2.11.2, update to version 2.11.2 or later. For versions 2.12.x prior to 2.12.1, update to version 2.12.1 or later.

**Name of the Vulnerable Software and Affected Versions** apt versions 1.4.8 and earlier **Description** The issue is related to incorrect sanitation of the 302 redirect field in the HTTP transport method, which can lead to content injection by a Man-In-The-Middle (MITM) attacker. This potentially allows for remote code execution on the target machine. **Recommendations** For apt versions 1.4.8 and earlier, update to a version later than 1.4.8 to resolve the issue. As a temporary workaround, consider restricting the use of the HTTP transport method until a patch is available. Avoid using the `HTTP` protocol in apt configurations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Alpine Linux versions prior to 2.6.10 Alpine Linux versions prior to 2.7.6 Alpine Linux versions prior to 2.10.1 **Description** The issue is related to a bug in apk-tools, Alpine Linux' package manager, which can result in Remote Code Execution. A specially crafted APK-file can cause apk to write arbitrary data to an attacker-specified file due to bugs in handling long link target name and the way a regular file is extracted. **Recommendations** For versions prior to 2.6.10, update to version 2.6.10 or later. For versions prior to 2.7.6, update to version 2.7.6 or later. For versions prior to 2.10.1, update to version 2.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** Google gVisor versions prior to 2018-11-01 **Description** The issue allows attackers to overwrite memory locations in processes running as root, but does not allow escape from the sandbox. This is achieved via vectors involving IPC RMID `shmctl` calls, due to mishandled reference counting. **Recommendations** For Google gVisor versions prior to 2018-11-01, update to a version released after 2018-11-01 to resolve the issue. As a temporary workaround, consider restricting access to the `shmctl` calls to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** tar crate versions prior to 0.4.16 **Description** An issue in the tar crate allows arbitrary file overwrite via a symlink or hardlink in a TAR archive. When unpacking a tarball, tarballs with hard links or symlinks can be used to overwrite any file on the filesystem. This occurs because tarballs can contain multiple entries for the same file, and a tarball with an entry for a hard link or symlink pointing to any file on the filesystem can have the link created, allowing any file to be rewritten on the filesystem. **Recommendations** For versions prior to 0.4.16, update to version 0.4.16 to resolve the issue. As a temporary workaround, consider avoiding the use of the `unpack in`-family of functions when unpacking tarballs from untrusted sources. Restrict access to tarballs with hard links or symlinks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache CouchDB versions prior to 1.7.0 Apache CouchDB versions 2.x prior to 2.1.1 **Description** The issue is related to differences in the Erlang-based JSON parser and JavaScript-based JSON parser in Apache CouchDB. This can allow a remote attacker, who is not an administrator, to gain access to execute arbitrary shell commands on the server with administrator privileges. The vulnerability enables non-admin users to assign themselves admin roles by submitting users documents with duplicate keys for 'roles' used for access control within the database. **Recommendations** For Apache CouchDB versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. For Apache CouchDB versions 2.x prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the users document and limiting the ability of non-admin users to assign themselves roles until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.0.0 through 2.6.13 **Description** The issue concerns a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists, allowing specially crafted serialized objects to possibly escalate to remote code execution. **Recommendations** For RubyGems versions 2.0.0 through 2.6.13, update to version 2.6.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 53.0.2785.89 on Windows and OS X Google Chrome versions prior to 53.0.2785.92 on Linux Opera (affected versions not specified) **Description** The issue arises from the extensions subsystem relying on an IFRAME source URL to identify an associated extension. This allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. **Recommendations** For Google Chrome versions prior to 53.0.2785.89 on Windows and OS X, update to version 53.0.2785.89 or later. For Google Chrome versions prior to 53.0.2785.92 on Linux, update to version 53.0.2785.92 or later. For Opera, at the moment, there is no information about a newer version that contains a fix for this issue.