Michael Tokarev

**Name of the Vulnerable Software and Affected Versions** pigz versions prior to 2.2.5 **Description** A race condition exists in the compression process, where permissions derived from the umask are used before setting the file's permissions to match the original file. This might allow local users to bypass intended access permissions during compression. **Recommendations** For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FreeSWITCH version 1.2 **Description** The issue is related to multiple buffer overflows in the switch perform substitution function in switch regex.c, which can be exploited by remote attackers. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. The attack vectors are related to the index and substituted variables. **Recommendations** For FreeSWITCH version 1.2, consider disabling the switch perform substitution function in switch regex.c as a temporary workaround until a patch is available. Restrict access to the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE kernel-ppc64-extra (affected versions not specified) openSUSE kernel-pseries64 (affected versions not specified) openSUSE kernel-s390-debug (affected versions not specified) openSUSE kernel-smp-debuginfo (affected versions not specified) openSUSE kernel-xen-extra (affected versions not specified) SUSE Linux Enterprise kernel-default-base (affected versions not specified) SUSE Linux Enterprise kernel-pae (affected versions not specified) SUSE Linux Enterprise kernel-pae-base (affected versions not specified) openSUSE kernel-ppc64 (affected versions not specified) openSUSE kernel-ppc64-base (affected versions not specified) openSUSE kernel-ppc64-debuginfo (affected versions not specified) openSUSE kernel-ppc64-debugsource (affected versions not specified) SUSE Linux Enterprise kernel-ppc64-debugsource (affected versions not specified) openSUSE kernel-s390 (affected versions not specified) openSUSE kernel-s390x (affected versions not specified) openSUSE kernel-s390x-debug (affected versions not specified) openSUSE kernel-xenpae (affected versions not specified) openSUSE kernel-xenpae-debuginfo (affected versions not specified) SUSE Linux Enterprise kernel-xen-extra (affected versions not specified) openSUSE kernel-default-extra (affected versions not specified) SUSE Linux Enterprise kernel-default-extra (affected versions not specified) openSUSE kernel-kdump (affected versions not specified) openSUSE kernel-kdump-debuginfo (affected versions not specified) openSUSE kernel-kdump-debugsource (affected versions not specified) SUSE Linux Enterprise kernel-kdump-debugsource (affected versions not specified) openSUSE kernel-source-debuginfo (affected versions not specified) openSUSE kernel-sn2 (affected versions not specified) openSUSE kernel-vmipae (affected versions not specified) openSUSE kernel-bigsmp (affected versions not specified) openSUSE kernel-bigsmp-debuginfo (affected versions not specified) openSUSE ocfs2-kmp-ppc64 (affected versions not specified) openSUSE ocfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-xen (affected versions not specified) openSUSE ocfs2-kmp-pae (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-pae (affected versions not specified) openSUSE ocfs2-kmp-default (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-default (affected versions not specified) openSUSE ext4dev-kmp-ppc64 (affected versions not specified) SUSE Linux Enterprise ext4dev-kmp-ppc64 (affected versions not specified) openSUSE ext4dev-kmp-default (affected versions not specified) SUSE Linux Enterprise ext4dev-kmp-default (affected versions not specified) openSUSE ext4dev-kmp-xen (affected versions not specified) openSUSE ext4dev-kmp-vmi (affected versions not specified) openSUSE cluster-network-kmp-xen (affected versions not specified) SUSE Linux Enterprise cluster-network-kmp-xen (affected versions not specified) openSUSE cluster-network-kmp-ppc64 (affected versions not specified) openSUSE cluster-network-kmp-pae (affected versions not specified) openSUSE cluster-network-kmp-default (affected versions not specified) SUSE Linux Enterprise cluster-network-kmp-default (affected versions not specified) openSUSE kexec-tools (affected versions not specified) SUSE Linux Enterprise kexec-tools-debuginfo (affected versions not specified) openSUSE kexec-tools-debuginfo (affected versions not specified) openSUSE appleir-kmp-debug (affected versions not specified) openSUSE acx-kmp-debug (affected versions not specified) openSUSE pcc-acpi-kmp-debug (affected versions not specified) openSUSE uvcvideo-kmp-debug (affected versions not specified) openSUSE acerhk-kmp-debug (affected versions not specified) openSUSE wlan-ng-kmp-debug (affected versions not specified) openSUSE gspcav-kmp-debug (affected versions not specified) openSUSE at76 usb-kmp-debug (affected versions not specified) openSUSE atl2-kmp-debug (affected versions not specified) openSUSE tpctl-kmp-debug (affected versions not specified) openSUSE nouveau-kmp-debug (affected versions not specified) openSUSE um-host-install-initrd (affected versions not specified) openSUSE um-host-kernel (affected versions not specified) openSUSE kernel-iseries64 (affected versions not specified) openSUSE kernel-iseries64-debuginfo (affected versions not specified) openSUSE kernel-ec2 (affected versions not specified) SUSE Linux Enterprise kernel-ec2 (affected versions not specified) openSUSE kernel-ec2-base (affected versions not specified) SUSE Linux Enterprise kernel-xen-base (affected versions not specified) openSUSE kernel-64k-pagesize (affected versions not specified) openSUSE kernel-default-man (affected versions not specified) openSUSE kernel-smp (affected versions not specified) openSUSE kernel-trace-extra (affected versions not specified) openSUSE kernel-debug-extra (affected versions not specified) openSUSE kernel-um (affected versions not specified) openSUSE kernel-ps3 (affected versions not specified) **Description** The issue is related to multiple vulnerabilities in various kernel packages of openSUSE and SUSE Linux Enterprise operating systems. These vulnerabilities can be exploited remotely, leading to a denial of service (kernel memory corruption and crash) via a long packet. The vulnerabilities are present in different kernel packages, including kernel-ppc64-extra, kernel-pseries64, kernel-s390-debug, and others. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.