Yves-Alexis Perez

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the mm: huge memory component in the Linux kernel, specifically with the alignment of huge pages on 32-bit machines. The problem arose because x86 32 uses CONFIG X86 32 instead of CONFIG 32BIT, and the commit to fix this issue did not work as expected. The solution involves using !CONFIG 64BIT to relax huge page alignment on 32-bit machines, which should cover all 32-bit machines. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Pwgen version 2.06 Description: The Phonemes mode in Pwgen generates predictable passwords, making it easier for context-dependent attackers to guess the password via a brute-force attack. Recommendations: For Pwgen version 2.06, consider using a different password generation mode to minimize the risk of exploitation. As a temporary workaround, consider disabling the Phonemes mode until a patch is available. Avoid using the predictable passwords generated by the Phonemes mode in Pwgen version 2.06. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Light Display Manager (aka LightDM) versions 1.4.x through 1.4.2 Light Display Manager (aka LightDM) versions 1.6.x through 1.6.1 Light Display Manager (aka LightDM) versions 1.7.x through 1.7.13 **Description** The issue allows local users to obtain sensitive information by reading a temporary file. **Recommendations** For versions 1.4.x through 1.4.2, update to version 1.4.3 or later. For versions 1.6.x through 1.6.1, update to version 1.6.2 or later. For versions 1.7.x through 1.7.13, update to version 1.7.14 or later.

**Name of the Vulnerable Software and Affected Versions** CUPS versions 1.3.7 through 1.4.4 CUPS version 1.4.4 **Description** The issue allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface, potentially leading to a violation of confidentiality, integrity, and availability of protected information. This can be exploited locally. **Recommendations** For CUPS versions 1.3.7 through 1.4.4, consider restricting access to the web interface to minimize the risk of exploitation. For CUPS version 1.4.4, as a temporary workaround, consider disabling the web interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom Integrated NIC Management Firmware versions 1.x before 1.40.0.0 Broadcom Integrated NIC Management Firmware versions 8.x before 8.08 **Description** The issue allows remote attackers to execute arbitrary code via unknown vectors. **Recommendations** For versions 1.x before 1.40.0.0, update to version 1.40.0.0 or later. For versions 8.x before 8.08, update to version 8.08 or later.