Red Hat · CVE-2004-0109
**Name of the Vulnerable Software and Affected Versions**
Debian GNU/Linux kernel-pcmcia-modules version 2.4.18-1-686
Debian GNU/Linux kernel-doc versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-image versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-headers versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-source versions 2.4.16 through 2.4.20
Debian GNU/Linux kernel-patch versions 2.4.16 through 2.4.20
Red Hat Linux kernel versions 2.4.20 and earlier
Red Hat Linux kernel-bigmem versions 2.4.20 and earlier
Red Hat Linux kernel-BOOT versions 2.4.20 and earlier
Red Hat Linux kernel-doc versions 2.4.20 and earlier
Red Hat Linux kernel-smp versions 2.4.20 and earlier
Gentoo Linux aa-sources versions prior to 2.4.23-r2
**Description**
A buffer overflow in the ISO9660 file system component allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. The issue affects multiple components of the Linux kernel in various operating systems, including Debian GNU/Linux and Red Hat Linux. Exploitation can lead to a breach of the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited locally or remotely, depending on the specific component and version.
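The bug class named in the description (a length read from the media and used without a bound) is shown here in an added example that is not the kernel's code and not part of the original advisory. The record layout, sample bytes and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, simplified record stream: [len][len name bytes]...
 * Not the real on-disc layout and not kernel code. */
const unsigned char SAMPLE_OK[]    = { 3, 'u', 's', 'r', 3, 'l', 'i', 'b' };
const unsigned char SAMPLE_SHORT[] = { 5, 'a', 'b' };  /* claims 5, holds 2 */
char demo_out[16];

/* Unchecked form (the bug class): every length byte from the media is
 * trusted, so a long entry writes past out[] and reads past rec[]. */
size_t build_unchecked(const unsigned char *rec, size_t rec_len, char *out)
{
    size_t pos = 0, used = 0;
    while (pos < rec_len) {
        size_t len = rec[pos++];
        if (used) out[used++] = '/';
        memcpy(out + used, rec + pos, len);
        used += len; pos += len;
    }
    out[used] = '\0';
    return used;
}

/* Checked form: returns the target length, or -1 if a record is truncated
 * or the joined target plus its NUL would not fit in out[cap].
 * On -1 the contents of out[] must be ignored by the caller. */
int build_checked(const unsigned char *rec, size_t rec_len, char *out, size_t cap)
{
    size_t pos = 0, used = 0;
    if (cap == 0) return -1;
    while (pos < rec_len) {
        size_t len = rec[pos++];
        size_t sep = used ? 1 : 0;
        if (len > rec_len - pos) return -1;          /* source bound */
        if (len + sep >= cap - used) return -1;      /* destination bound */
        if (sep) out[used++] = '/';
        memcpy(out + used, rec + pos, len);
        used += len; pos += len;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void)
{
    printf("%d\n", build_checked(SAMPLE_OK, sizeof SAMPLE_OK, demo_out, sizeof demo_out));
    printf("%d\n", build_checked(SAMPLE_OK, sizeof SAMPLE_OK, demo_out, 7));
    printf("%d\n", build_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT, demo_out, sizeof demo_out));
    return 0;
}
```

The checked form bounds both sides of the copy: the source, so a record cannot claim more bytes than were read from the media, and the destination, so the joined target always leaves room for the terminator.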
**Recommendations**
For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.18-1-686 and earlier, update to a newer version.
For Debian GNU/Linux kernel-doc versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-image versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-headers versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-source versions 2.4.16 through 2.4.20, update to a newer version.
For Debian GNU/Linux kernel-patch versions 2.4.16 through 2.4.20, update to a newer version.
For Red Hat Linux kernel versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-bigmem versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-BOOT versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-doc versions 2.4.20 and earlier, update to a newer version.
For Red Hat Linux kernel-smp versions 2.4.20 and earlier, update to a newer version.
For Gentoo Linux aa-sources versions prior to 2.4.23-r2, update to version 2.4.23-r2 or later.
As a temporary workaround, consider disabling the vulnerable components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the affected kernel versions until an update is applied.