
Pedrohc

#21871 of 53,630
10.8 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2018-10193
4.3
2018-08-10
Intel · Lldptool · CVE-2018-10932
**Name of the Vulnerable Software and Affected Versions**

lldptool versions 1.0.1 and older

**Description**

The issue allows an attacker to inject shell control characters into a buffer, potentially impacting the behavior of the terminal, when `mngAddr` information is displayed. This occurs because `lldptool` can print a raw, unsanitized attacker-controlled buffer.

**Recommendations**

For versions 1.0.1 and older, as a temporary workaround, consider restricting the display of `mngAddr` information until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-8407
6.5
2017-11-20
Mit · Kerberos · CVE-2017-7562
**Name of the Vulnerable Software and Affected Versions**

Kerberos versions prior to 1.16.1

**Description**

An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.

**Recommendations**

For versions prior to 1.16.1, update to version 1.16.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the certauth interface until a patch is available.