ALT-BU-2018-3668-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2017-18018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Closed vulnerabilities
BDU:2023-01649
Vulnerability in the another_hunk() function of the pch.c component of the Patch patch-application program, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2018-6952
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
Closed vulnerabilities
BDU:2019-01641
Vulnerability in the sparse_dump_region function of the GNU Tar archiver, related to an out-of-bounds buffer read, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=c15c42ccd1e2377945fd0414eca1a49294bff454
- http://lists.gnu.org/archive/html/bug-tar/2018-12/msg00023.html
- openSUSE-SU-2019:1237
- 106354
- [debian-lts-announce] 20181231 [SECURITY] [DLA 1623-1] tar security update
- [debian-lts-announce] 20211128 [SECURITY] [DLA 2830-1] tar security update
- https://news.ycombinator.com/item?id=18745431
- GLSA-201903-05
- https://twitter.com/thatcks/status/1076166645708668928
- https://utcc.utoronto.ca/~cks/space/blog/sysadmin/TarFindingTruncateBug
Closed vulnerabilities
BDU:2020-04857
Vulnerability in the set_file_metadata function of the GNU Wget download manager, allowing an attacker to gain access to protected information
Modified: 2024-11-21
CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the URL) by reading this attribute, as demonstrated by getfattr. This also applies to Referer information in the user.xdg.referrer.url metadata attribute. According to 2016-07-22 in the Wget ChangeLog, user.xdg.origin.url was partially based on the behavior of fwrite_xattr in tool_xattr.c in curl.
- http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
- 106358
- RHSA-2019:3701
- GLSA-201903-08
- https://security.netapp.com/advisory/ntap-20190321-0002/
- https://twitter.com/marcan42/status/1077676739877232640
- USN-3943-1