Thomas Leroy

**Name of the Vulnerable Software and Affected Versions** SUSE openSUSE Factory obs-service-go modules versions prior to 0.6.1 **Description** An Improper Handling of Exceptional Conditions issue in obs-service-go modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. **Recommendations** For SUSE openSUSE Factory obs-service-go modules versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux-PAM versions prior to 1.5.2-6.1 **Description** The issue is related to the pam access.so module of the Linux-PAM package, which does not correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. This can allow a user with denied access to a machine to still get access. The relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory, and it does not affect Linux-PAM upstream. **Recommendations** For Linux-PAM versions prior to 1.5.2-6.1, update to version 1.5.2-6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pam access.so module until a patch is available. Avoid using the pam access.so module for SSH logins from IP addresses that are not resolvable via DNS until the issue is resolved.