Tyler Hicks

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been resolved, specifically a fid refcount leak in v9fs vfs atomic open dotl. The leak occurs when the directory fid is not released if the open operation fails halfway through. This fix addresses fid leaking with xfstests generic 531. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.17 **Description** The issue is related to the `irda setsockopt` function in the Linux kernel, which can cause a denial of service due to a use-after-free error, potentially leading to a system crash. This may also have other unspecified impacts. The vulnerability can be exploited via an AF IRDA socket. **Recommendations** For Linux kernel versions prior to 4.17, update to version 4.17 or later to resolve the issue. As a temporary workaround, consider restricting access to AF IRDA sockets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.17 **Description** The issue is related to a memory leak in the `irda bind` function, which can be exploited by local users to cause a denial of service by consuming memory through repeatedly binding an AF IRDA socket. This is due to the lack of resource release after its valid usage period has expired. **Recommendations** For Linux kernel versions prior to 4.17, update to version 4.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `irda bind` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LightDM versions prior to 1.22.0 **Description** The issue allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session, specifically when systemd is used in Ubuntu 16.10 and 17.x. **Recommendations** For LightDM versions prior to 1.22.0, update to version 1.22.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** File Roller versions 3.5.4 through 3.20.2 **Description** The issue allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive. This is related to the ` g file remove directory` function in `file-utils.c`. **Recommendations** For versions 3.5.4 through 3.20.2, consider restricting access to archives from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid using the ` g file remove directory` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BusyBox versions prior to 1.22.0 **Description** The issue is related to a directory traversal vulnerability in the BusyBox implementation of tar, which allows remote attackers to point to files outside the current working directory via a symlink. This vulnerability is associated with incorrect path name restrictions, enabling a remote attacker to impact data integrity using a symbolic link. **Recommendations** For versions prior to 1.22.0, update to version 1.22.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the tar implementation in BusyBox to minimize the risk of exploitation.