Ulrich

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A regression in the netfilter nfnetlink queue component causes UDP packets to be dropped instead of queued. This occurs when an application has not set the `F GSO` capability flag and a Generic Segmentation Offload (GSO) packet with an unconfirmed `nf conn` entry is received. The issue stems from the shared-unconfirmed check being performed after the `skb gso segment()` function, leading to an elevated use count due to `skb clone` and subsequent packet drops. This behavior is specific to UDP, as TCP SYN packets are not aggregated by Generic Receive Offload (GRO). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shopware versions prior to 6.4.8.2 **Description** The issue arises from the improper setting of sensitive HTTP headers, making them cacheable. If an HTTP cache exists between the server and client, these headers may be exposed via HTTP caches. This affects Shopware, an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. **Recommendations** For versions prior to 6.4.8.2, update to version 6.4.8.2 to resolve the issue. For older versions of 6.1, 6.2, and 6.3, consider installing a corresponding security plugin as a temporary measure, but updating to the latest Shopware version is recommended for the full range of functions.