Miloslav Trmač

**Name of the Vulnerable Software and Affected Versions** AWS Lambda versions (affected versions not specified) **Description** On Unix platforms, when listing directory contents using `File.ReadDir` or `File.Readdir`, the returned `FileInfo` could reference a file outside the root directory in which the file was opened. This allows reading metadata from arbitrary locations on the filesystem using `lstat` without permitting file reading or writing outside the root. The issue impacts stdlib in 27 Lambda base images. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** proglottis Go wrapper versions prior to 0.1.1 **Description** The issue is related to a use-after-free problem, which can cause a crash or potentially allow code execution during GPG signature verification. This is due to improper memory management, where memory passed to C may be freed before it is used, leading to crashes or possible code execution. **Recommendations** For proglottis Go wrapper versions prior to 0.1.1, update to version 0.1.1 or later to resolve the issue. As a temporary workaround, consider disabling GPG signature verification until a patch is available. Restrict access to the GPGME library to minimize the risk of exploitation. Avoid using the proglottis Go wrapper for container image pulls by Docker or CRI-O until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** gnome-system-log (affected versions not specified) **Description** The issue allows arbitrary files on the system to be read due to a polkit policy in gnome-system-log. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libuser (affected versions not specified) **Description** The issue is related to information disclosure when the user's home directory is moved. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: containers/image library used by Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 CRI-O in OpenShift Container Platform Description: The issue concerns the containers/image library, which does not enforce TLS connections to the container registry authorization service. This allows an attacker to launch a Man-in-the-Middle (MiTM) attack, potentially stealing login credentials or bearer tokens. The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, making it vulnerable to such attacks. Recommendations: For Red Hat Enterprise Linux version 8, update the containers/image library to a version that enforces TLS connections. For OpenShift Container Platform, update CRI-O to a version that enforces TLS connections. As a temporary workaround, consider restricting access to the container registry authorization service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IPTables-Parse versions prior to 1.6 **Description** The issue allows local users to write to arbitrary files owned by the current user. **Recommendations** For versions prior to 1.6, update to version 1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mate-settings-daemon version 1.5.3 **Description** The issue allows local users to change the system timezone via a crafted D-Bus call due to the default configuration in mate-settings-daemon. **Recommendations** For mate-settings-daemon version 1.5.3, consider restricting access to the D-Bus interface to prevent unauthorized changes to the system timezone.

**Name of the Vulnerable Software and Affected Versions** abrt versions 2.0.8 and earlier abrt-addon-ccpp versions 2.0.8 and earlier abrt-addon-kerneloops versions 2.0.8 and earlier abrt-addon-python versions 2.0.8 and earlier abrt-addon-vmcore versions 2.0.8 and earlier abrt-cli versions 2.0.8 and earlier abrt-debuginfo versions 2.0.8 and earlier abrt-devel versions 2.0.8 and earlier abrt-desktop versions 2.0.8 and earlier abrt-gui versions 2.0.8 and earlier abrt-libs versions 2.0.8 and earlier abrt-tui versions 2.0.8 and earlier libreport versions 2.0.9 and earlier libreport-cli versions 2.0.9 and earlier libreport-debuginfo versions 2.0.9 and earlier libreport-devel versions 2.0.9 and earlier libreport-gtk versions 2.0.9 and earlier libreport-gtk-devel versions 2.0.9 and earlier libreport-newt versions 2.0.9 and earlier libreport-plugin-bugzilla versions 2.0.9 and earlier libreport-plugin-kerneloops versions 2.0.9 and earlier libreport-plugin-logger versions 2.0.9 and earlier libreport-plugin-mailx versions 2.0.9 and earlier libreport-plugin-reportuploader versions 2.0.9 and earlier libreport-plugin-rhtsupport versions 2.0.9 and earlier libreport-python versions 2.0.9 and earlier **Description** The issue is related to multiple vulnerabilities in various packages of the Automatic Bug Reporting Tool (ABRT) and libreport. These vulnerabilities can be exploited locally, potentially leading to a breach of confidentiality, integrity, and availability of protected information. According to the information provided, the exploitation can be carried out by modifying the PYTHONPATH environment variable to reference a malicious Python module, allowing local users to load and execute arbitrary Python modules. **Recommendations** For abrt versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-addon-ccpp versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-addon-kerneloops versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-addon-python versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-addon-vmcore versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-cli versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-debuginfo versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-devel versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-desktop versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-gui versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-libs versions 2.0.8 and earlier, update to a version later than 2.0.8. For abrt-tui versions 2.0.8 and earlier, update to a version later than 2.0.8. For libreport versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-cli versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-debuginfo versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-devel versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-gtk versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-gtk-devel versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-newt versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-bugzilla versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-kerneloops versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-logger versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-mailx versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-reportuploader versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-plugin-rhtsupport versions 2.0.9 and earlier, update to a version later than 2.0.9. For libreport-python versions 2.0.9 and earlier, update to a version later than 2.0.9. As a temporary workaround, consider restricting access to the `PYTHONPATH` environment variable to prevent local users from loading and executing arbitrary Python modules.