
Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.
Package:django
Date:2014-04-22
Posted by:kikadf
Vulnerable version:1.5.2-1
Unaffected version:1.5.2-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0474
Description:Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database.
Package:qemu
Date:2014-04-20
Posted by:kikadf
Vulnerable version:1.5.2-3arcturus2
Unaffected version:1.5.2-3arcturus3
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0150
Description:Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.
Package:openssl
Date:2014-04-18
Posted by:kikadf
Vulnerable version:1.0.1-5arcturus2
Unaffected version:1.0.1-5arcturus3
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298
Description:A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service.
Package:ntp
Date:2014-04-18
Posted by:kikadf
Vulnerable version:4.2.6p5-2
Unaffected version:4.2.6p5-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
Description:The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Package:openssh
Date:2014-04-18
Posted by:kikadf
Vulnerable version:6.1p1-1
Unaffected version:6.1p1-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4548 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653
Description:Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character. Matthew Vernon reported that if an SSH server offers a HostCertificate that the ssh client doesn't accept, then the client doesn't check the DNS for SSHFP records. As a consequence a malicious server can disable SSHFP-checking by presenting a certificate.
Package:python
Date:2014-04-18
Posted by:kikadf
Vulnerable version:2.7.5-1
Unaffected version:2.7.5-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912
Description:Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL certificates were parsed incorrectly. Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function.
Package:imaging
Date:2014-04-17
Posted by:kikadf
Vulnerable version:1.1.7-4
Unaffected version:1.1.7-5arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933
Description:Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents.
Package:xalan-j
Date:2014-04-17
Posted by:kikadf
Vulnerable version:2.7.1-2
Unaffected version:2.7.1-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107
Description:Nicolas Gregoire discovered several vulnerabilities in libxalan2-java, a Java library for XSLT processing. Crafted XSLT programs could access system properties or load arbitrary classes, resulting in information disclosure and, potentially, arbitrary code execution.
Package:wordpress
Date:2014-04-17
Posted by:kikadf
Vulnerable version:3.5.1-1
Unaffected version:3.9-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0166
Description:A user with a contributor role, using a specially crafted request, can publish posts, which is reserved for users of the next-higher role. Jon Cave of the WordPress security team discovered that the wp_validate_auth_cookie function in wp-includes/pluggable.php does not properly determine the validity of authentication cookies, allowing a remote attacker to obtain access via a forged cookie.
Package:strongswan
Date:2014-04-17
Posted by:kikadf
Vulnerable version:5.0.1-1
Unaffected version:5.0.1-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6075 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2338
Description:A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links. An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.
Package:samba
Date:2014-04-17
Posted by:kikadf
Vulnerable version:3.6.9-4arcturus1
Unaffected version:3.6.23-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442
Description:Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. Samba has a flaw in the smbcacls command. If smbcacls is used with the "-C|--chown name" or "-G|--chgrp name" command options it will remove the existing ACL on the object being modified, leaving the file or directory unprotected.
Package:postfixadmin
Date:2014-04-17
Posted by:kikadf
Vulnerable version:2.3.6-1
Unaffected version:2.3.6-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2655
Description:An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.
Package:net-snmp
Date:2014-04-16
Posted by:kikadf
Vulnerable version:5.7.1-3
Unaffected version:5.7.1-4arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6151 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2284 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2285
Description:Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. Viliam Púčik discovered that the Net-SNMP perl trap handler incorrectly handled NULL arguments.
Package:jbigkit
Date:2014-04-16
Posted by:kikadf
Vulnerable version:2.0-2
Unaffected version:2.0-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6369
Description:Florian Weimer of the Red Hat product security team discovered multiple buffer overflows in jbigkit, which could lead to the execution of arbitrary code when processing malformed images.
Package:curl
Date:2014-04-16
Posted by:kikadf
Vulnerable version:7.26.0-2arcturus2
Unaffected version:7.26.0-2arcturus3
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0139
Description:Steve Holme discovered that libcurl can in some circumstances re-use the wrong connection when asked to do transfers using protocols other than HTTP and FTP. Richard Moore from Westpoint Ltd. reported that libcurl does not comply with RFC 2828 under certain conditions and incorrectly validates wildcard SSL certificates containing literal IP addresses.
Package:libyaml
Date:2014-04-14
Posted by:kikadf
Vulnerable version:0.1.4-3arcturus1
Unaffected version:0.1.4-3arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525
Description:Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library.
Package:apache
Date:2014-04-14
Posted by:kikadf
Vulnerable version:2.2.23-2
Unaffected version:2.2.23-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
Description:Ning Zhang and Amin Tora discovered that the mod_dav module incorrectly handled whitespace characters in CDATA sections. Rainer M Canavan discovered that the mod_log_config module incorrectly handled certain cookies.
Package:actionmailer
Date:2014-04-14
Posted by:kikadf
Vulnerable version:3.2.6-1
Unaffected version:3.2.6-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
Description:Aaron Neyer discovered that missing input sanitising in the logging component of Ruby Actionmailer could result in denial of service through a malformed e-mail message.
Package:actionpack
Date:2014-04-14
Posted by:kikadf
Vulnerable version:3.2.6-1
Unaffected version:3.2.6-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
Description:Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.
Package:a2ps
Date:2014-04-12
Posted by:kikadf
Vulnerable version:4.14-4
Unaffected version:4.14-5arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1953 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466
Description:The spy_user function which is called when a2ps is invoked with the --debug flag insecurely used temporary files. Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.
Package:openssl
Date:2014-04-08
Posted by:James Buren
Vulnerable version:1.0.1-5arcturus1
Unaffected version:1.0.1-5arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Description:A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.
Package:lighttpd
Date:2014-03-15
Posted by:kikadf
Vulnerable version:1.4.32-2
Unaffected version:1.4.35-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
Description:Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules.
Package:mutt-devel
Date:2014-03-14
Posted by:kikadf
Vulnerable version:1.5.21-3
Unaffected version:1.5.21-4arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
Description:Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.
Package:php
Date:2014-03-13
Posted by:kikadf
Vulnerable version:5.3.26-1
Unaffected version:5.3.26-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4413 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
Description:It was discovered that file, a file type classification tool, contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Package:icedtea-web
Date:2014-03-13
Posted by:kikadf
Vulnerable version:1.3.1-1
Unaffected version:1.3.1-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493
Description:Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion.
Package:cups-filters
Date:2014-03-13
Posted by:kikadf
Vulnerable version:1.0.24-1
Unaffected version:1.0.24-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
Description:Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of arbitrary code if a malformed PDF file is processed.
Package:libssh
Date:2014-03-13
Posted by:kikadf
Vulnerable version:0.5.3-1
Unaffected version:0.5.3-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0017
Description:Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers.
Package:udisks
Date:2014-03-13
Posted by:kikadf
Vulnerable version:1.0.4-7
Unaffected version:1.0.4-8arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
Description:Florian Weimer discovered a buffer overflow in udisks's mount path parsing code which may result in privilege escalation.
Package:file
Date:2014-03-13
Posted by:kikadf
Vulnerable version:5.14-2arcturus1
Unaffected version:5.14-2arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
Description:Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information, the file_strncmp routine will access memory that is out of bounds, causing file to crash.
Package:wireshark
Date:2014-03-13
Posted by:kikadf
Vulnerable version:1.8.6-1
Unaffected version:1.8.13-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299
Description:Moshe Kaplan discovered that the NFS dissector could be crashed, resulting in denial of service. It was discovered that the RLC dissector could be crashed, resulting in denial of service. Wesley Neelen discovered a buffer overflow in the MPEG file parser, which could lead to the execution of arbitrary code.
Package:postgresql
Date:2014-03-13
Posted by:kikadf
Vulnerable version:9.1.9-1
Unaffected version:9.1.12-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0060 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0061 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0062 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0063 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0064 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0065 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0067
Description:Shore up GRANT ... WITH ADMIN OPTION restrictions (Noah Misch). Prevent privilege escalation via manual calls to PL validator functions (Andres Freund). Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund). Prevent buffer overrun with long datetime strings (Noah Misch). Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas). Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich). Avoid crashing if crypt() returns NULL (Honza Horak, Bruce Momjian). Document risks of make check in the regression testing instructions (Noah Misch, Tom Lane).
Package:gnutls
Date:2014-03-05
Posted by:kikadf
Vulnerable version:2.12.17-1
Unaffected version:2.12.17-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
Description:Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases where an error would prevent all verification steps from being performed. Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.
Package:file
Date:2014-02-27
Posted by:kikadf
Vulnerable version:5.14-1
Unaffected version:5.14-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
Description:It was discovered that file, a file type classification tool, contains a flaw in the handling of "indirect" magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
Package:libtar
Date:2014-02-27
Posted by:kikadf
Vulnerable version:1.2.11-5
Unaffected version:1.2.20-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4420
Description:Timo Warns reported multiple integer overflow vulnerabilities in libtar, a library for manipulating tar archives, which can result in the execution of arbitrary code. A directory traversal attack was reported against libtar, a C library for manipulating tar archives. The application does not validate the filenames inside the tar archive, allowing files to be extracted to an arbitrary path. An attacker can craft a tar file to overwrite files beyond the tar_extract_glob and tar_extract_all prefix parameter.
Package:perl
Date:2014-02-14
Posted by:kikadf
Vulnerable version:5.14.1-5
Unaffected version:5.14.1-6arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667
Description:It was discovered that Perl's Locale::Maketext module incorrectly handled backslashes and fully qualified method names. An attacker could possibly use this flaw to execute arbitrary code when an application used untrusted templates.
Package:pidgin
Date:2014-02-14
Posted by:kikadf
Vulnerable version:2.10.7-1
Unaffected version:2.10.7-2arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6152 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6483 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6485 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6489 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6490 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0020
Description:Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future. Pidgin could be crashed through overly wide tooltip windows. Jacob Appelbaum discovered that a malicious server or a "man in the middle" could send a malformed HTTP header resulting in denial of service. Daniel Atallah discovered that Pidgin could be crashed through malformed Yahoo! P2P messages. Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed MSN messages. Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed XMPP messages. It was discovered that incorrect error handling when reading the response from a STUN server could result in a crash. Matt Jones discovered a buffer overflow in the parsing of malformed HTTP responses. Yves Younan and Ryan Pentney discovered a buffer overflow when parsing Gadu-Gadu messages. Yves Younan and Pawel Janic discovered an integer overflow when parsing MXit emoticons. Yves Younan discovered a buffer overflow when parsing SIMPLE headers. Daniel Atallah discovered that Pidgin could be crashed via malformed IRC arguments.
Package:mumble
Date:2014-02-14
Posted by:kikadf
Vulnerable version:1.2.4-1
Unaffected version:1.2.4-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0045
Description:It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access. A malicious remote attacker could exploit this flaw to mount a denial of service attack against a mumble client by causing the application to crash. It was discovered that a malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow. A malicious remote attacker could use this flaw to cause a client crash (denial of service) or potentially use it to execute arbitrary code.
Package:libgadu
Date:2014-02-14
Posted by:kikadf
Vulnerable version:1.11.2-1
Unaffected version:1.11.2-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6487
Description:Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers who impersonate the server could crash clients and potentially execute arbitrary code.
Package:drupal6
Date:2014-02-07
Posted by:kikadf
Vulnerable version:6.28-1
Unaffected version:6.30-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1475
Description:Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.
Package:drupal7
Date:2014-02-07
Posted by:kikadf
Vulnerable version:7.22-1
Unaffected version:7.22-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1476
Description:Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts. Matt Vance and Damien Tournoud reported an access bypass vulnerability in the taxonomy module. Under certain circumstances, unpublished content can appear on listing pages provided by the taxonomy module and will be visible to users who should not have permission to see it.
Package:curl
Date:2014-02-06
Posted by:kikadf
Vulnerable version:7.26.0-2arcturus1
Unaffected version:7.26.0-2arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
Description:Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.
Package:libotr
Date:2014-02-06
Posted by:kikadf
Vulnerable version:3.2.0-3
Unaffected version:3.2.0-4arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3461
Description:Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.
Package:libyaml
Date:2014-02-06
Posted by:kikadf
Vulnerable version:0.1.4-2
Unaffected version:0.1.4-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6393
Description:Florian Weimer discovered that LibYAML incorrectly handled certain large YAML documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.
Package:qemu
Date:2014-02-06
Posted by:kikadf
Vulnerable version:1.5.2-2
Unaffected version:1.5.2-3arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4344 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4375 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4377
Description:Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. (CVE-2013-4375) Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. (CVE-2013-4377)
Package:gnupg
Date:2014-01-18
Posted by:kikadf
Vulnerable version:1.4.14-1
Unaffected version:1.4.14-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4576
Description:Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. (CVE-2013-4402) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. (CVE-2013-4576)
Package:curl
Date:2014-01-18
Posted by:kikadf
Vulnerable version:7.26.0-1
Unaffected version:7.26.0-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0249 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1944 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2174 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422
Description:CVE-2013-0249: It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. CVE-2013-1944: Yamada Yasuharu discovered that cURL, a URL transfer library, can expose potentially sensitive information when doing requests across domains with matching tails. CVE-2013-2174: Timo Sirainen discovered that cURL, a URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. CVE-2013-4545: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable SSL certificate host name checks when it should have only disabled verification of the certificate trust chain. CVE-2013-6422: Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.
Package:cups
Date:2014-01-17
Posted by:kikadf
Vulnerable version:1.6.1-2
Unaffected version:1.6.1-3arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891
Description:Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.
Package:nspr
Date:2014-01-17
Posted by:kikadf
Vulnerable version:4.9.2-3
Unaffected version:4.9.2-4arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
Description:It was discovered that NSPR, the Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.
Package:graphviz
Date:2014-01-17
Posted by:kikadf
Vulnerable version:2.28.0-1
Unaffected version:2.28.0-2arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0978 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1236
Description:CVE-2014-0978: It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bounds-checked before being copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code. CVE-2014-1236: Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered because the regular expression used accepts an arbitrarily long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.
Package:djvulibre
Date:2014-01-17
Posted by:kikadf
Vulnerable version:3.5.25.2-1
Unaffected version:3.5.25.2-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6535
Description:It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly made to execute arbitrary code when processing a specially crafted djvu file.
Package:hplip
Date:2014-01-16
Posted by:kikadf
Vulnerable version:3.12.11-1
Unaffected version:3.12.11-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6427
Description:Multiple vulnerabilities have been found in the HP Linux Printing and Imaging System: insecure temporary files and insufficient permission checks in PackageKit. The insecure hp-upgrade service has been disabled.
Package:bind
Date:2014-01-14
Posted by:kikadf
Vulnerable version:9.9.2-2
Unaffected version:9.9.4-1arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0591
Description:libdns allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause the named daemon to terminate with an assertion failure while rejecting the malformed query.
Package:memcached
Date:2014-01-13
Posted by:kikadf
Vulnerable version:1.4.15-1
Unaffected version:1.4.15-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7239
Description:It was reported that SASL authentication could be bypassed due to a flaw related to the management of the SASL authentication state. With a specially crafted request, a remote attacker may be able to authenticate with invalid SASL credentials.
Package:openssl
Date:2014-01-12
Posted by:kikadf
Vulnerable version:1.0.1-4
Unaffected version:1.0.1-5arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6449 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6450
Description:Anton Johansson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support was susceptible to denial of service and retransmission of DTLS messages was fixed. In addition this update disables the insecure Dual_EC_DRBG algorithm and no longer uses the RdRand feature available on some Intel CPUs as a sole source of entropy unless explicitly requested.
Package:spice
Date:2014-01-12
Posted by:kikadf
Vulnerable version:0.12.2-1
Unaffected version:0.12.2-2arcturus1
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4130
Description:David Gibson of Red Hat discovered that SPICE incorrectly handled certain network errors. A remote user able to initiate a SPICE connection to an application acting as a SPICE server could use this flaw to crash the application.
Package:libxfont
Date:2014-01-10
Posted by:kikadf
Vulnerable version:1.4.5-1
Unaffected version:1.4.5-2arcturus2
Bug tracker entry:
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6462
Description:It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code.
Package:drupal6-webform
Date:2012-03-08
Posted by:James Buren
Vulnerable version:6.x_3.15-1
Unaffected version:6.x_3.17-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4671
CVEs:none
Description:A security issue and a vulnerability have been reported in drupal6-webform, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
Package:phpmyadmin
Date:2012-03-08
Posted by:James Buren
Vulnerable version:3.4.9-1
Unaffected version:3.4.10.1-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4659
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1190
Description:A security issue and a vulnerability have been reported in phpmyadmin, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) It was possible to conduct XSS using a crafted database name.
Package:thunderbird
Date:2012-03-08
Posted by:James Buren
Vulnerable version:10.0-1
Unaffected version:10.0.2-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4663
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description:A security issue and a vulnerability have been reported in thunderbird, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package:chromium-browser
Date:2012-03-08
Posted by:James Buren
Vulnerable version:16.0.912.63-2
Unaffected version:17.0.963.47-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4664
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description:A security issue and a vulnerability have been reported in chromium-browser, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package:firefox
Date:2012-03-08
Posted by:James Buren
Vulnerable version:10.0-1
Unaffected version:10.0.2-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4662
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description:A security issue and a vulnerability have been reported in firefox, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package:flashplugin
Date:2012-03-08
Posted by:James Buren
Vulnerable version:11.1.102.55-1
Unaffected version:11.1.102.63-fermus1
Bug tracker entry:https://bugs.frugalware.org/ticket/4673
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769
Description:A security issue and a vulnerability have been reported in flashplugin, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2) Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
Package:drupal6
Date:2012-02-05
Posted by:Miklos Vajna
Vulnerable version:6.22-1
Unaffected version:6.24-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4654
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827
Description:A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted.
Package:drupal7
Date:2012-02-05
Posted by:Miklos Vajna
Vulnerable version:7.7-1
Unaffected version:7.12-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4655
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827
Description:A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted.
Package:wireshark
Date:2012-02-05
Posted by:Miklos Vajna
Vulnerable version:1.6.3-1mores1
Unaffected version:1.6.5-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4650
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0068
Description:Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. 1) NULL pointer dereference errors when reading certain packet information can be exploited to cause a crash. 2) An error within the RLC dissector can be exploited to cause a buffer overflow via a specially crafted RLC packet capture file. Successful exploitation of this vulnerability may allow execution of arbitrary code. 3) An error within the "lanalyzer_read()" function (wiretap/lanalyzer.c) when parsing LANalyzer files can be exploited to cause a heap-based buffer underflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. NOTE: A weakness within the file parser, which can lead to a crash when handling capture files has also been reported.
Package:wordpress
Date:2012-02-05
Posted by:Miklos Vajna
Vulnerable version:3.2.1-1
Unaffected version:3.3.1-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4644
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0287
Description:Aditya Modha and Samir Shah discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to e.g. wp-comments-post.php is not properly sanitised within the "wp_guess_url()" function in wp-includes/functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package:phpmyadmin
Date:2012-02-05
Posted by:Miklos Vajna
Vulnerable version:3.4.8-1mores1
Unaffected version:3.4.9-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4643
CVEs:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4780
Description:Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
Package:phpmyadmin
Date:2011-12-23
Posted by:Miklos Vajna
Vulnerable version:3.4.7.1-1mores1
Unaffected version:3.4.8-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4640
CVEs:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4634
Description:Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.
Package:roundcube
Date:2011-12-23
Posted by:Miklos Vajna
Vulnerable version:0.5.4-1mores1
Unaffected version:0.7-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4642
CVEs:No CVE, see http://sourceforge.net/news/?group_id=139281&id=305129.
Description:Besides fixing bugs, the developers added some security improvements which will protect the Roundcube users from XSS and clickjacking attacks.
Package:wireshark
Date:2011-12-23
Posted by:Miklos Vajna
Vulnerable version:1.6.2-1mores1
Unaffected version:1.6.3-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4633
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
Description:Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash. 2) A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash. 3) An error within the ERF file parser can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code.
Package:drupal6-views
Date:2011-12-23
Posted by:Miklos Vajna
Vulnerable version:6.x_2.12-2
Unaffected version:6.x_2.14-1mores1
Bug tracker entry:https://bugs.frugalware.org/ticket/4632
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4113
Description:A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain filters or arguments on certain types of views is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Package:libreoffice
Date:2011-10-06
Posted by:Miklos Vajna
Vulnerable version:3.4.2.3-1
Unaffected version:3.4.3.2-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4609
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
Description:Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer where custom crafted documents trigger out of bounds behaviour. Thanks to Huzaifa Sidhpurwala of Red Hat Security Team for reporting this vulnerability.
Package:django
Date:2011-09-17
Posted by:Miklos Vajna
Vulnerable version:1.3-2
Unaffected version:1.3.1-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4590
CVEs:No CVE, see https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
Description:Some vulnerabilities have been reported in Django, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). 1) An error within the handling of sessions within django.contrib.sessions when using the caching backend can be exploited to manipulate session information. Successful exploitation requires that the session key is known and the application allows attackers to store dictionary-like objects with a valid session key in the cache. 2) An error when verifying if URLs provided to the "URLField" field type correctly resolve can be exploited to exhaust all of the server's processes and memory by providing an URL to a malicious server. 3) An error within the handling of redirect responses when verifying URLs provided to the "URLField" field type can be exploited to e.g. determine the existence of local files on the server by returning a redirect response to a "file://" URL. 4) An error within the handling of the "X-Forwarded-Host" HTTP header when e.g. generating full URLs for redirect responses can be exploited to conduct cache poisoning attacks.
Package:librsvg
Date:2011-09-13
Posted by:Miklos Vajna
Vulnerable version:2.34.0-1
Unaffected version:2.34.1-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4582
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146
Description:A vulnerability has been reported in librsvg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error within the handling of node types, which can be exploited to dereference invalid memory via specially crafted SVG images.
Package:mantis
Date:2011-09-09
Posted by:Miklos Vajna
Vulnerable version:1.2.7-1mores1
Unaffected version:1.2.8-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4586
CVEs:No CVE, see https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html
Description:Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system. 1) Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "action" parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Note: In combination with MantisBT's file upload functionality, this can be exploited to execute arbitrary PHP code. 3) Input passed to the "os", "os_build", and "platform" parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package:apache
Date:2011-09-07
Posted by:Miklos Vajna
Vulnerable version:2.2.19-2mores1
Unaffected version:2.2.20-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4571
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Description:Kingcope has discovered a vulnerability in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the ByteRange filter when processing requests containing a large amount of ranges, which can be exploited to exhaust memory via specially crafted HTTP requests sent to the server.
Package:foomatic-filters
Date:2011-09-03
Posted by:Miklos Vajna
Vulnerable version:4.0.1-5
Unaffected version:4.0.1-6mores1
Bug tracker entry:http://bugs.frugalware.org/task/4556
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2924
Description:It was found that the foomatic-rip filter used an insecurely created temporary file for storage of PostScript data by rendering the data, intended to be sent to the PostScript filter, when the debug mode was enabled. A local attacker could use this flaw to conduct symlink attacks (overwrite an arbitrary file accessible with the privileges of the user running the foomatic-rip universal print filter).
Package:phpmyadmin
Date:2011-08-29
Posted by:Miklos Vajna
Vulnerable version:3.4.3.2-1
Unaffected version:3.4.4-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4567
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3181
Description:Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed to table, column, and index names is not properly sanitised before being used in the Tracking feature. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
Package:stunnel
Date:2011-08-28
Posted by:Miklos Vajna
Vulnerable version:4.39-1
Unaffected version:4.42-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4552
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2940
Description:A vulnerability has been reported in Stunnel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to corrupt heap memory.
Package:krb5
Date:2011-08-27
Posted by:Miklos Vajna
Vulnerable version:1.7-6
Unaffected version:1.7.2-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4256
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
Description:1) A vulnerability has been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error within the "spnego_gss_accept_sec_context()" function in src/lib/gssapi/spnego/spnego_mech.c when receiving an invalid packet, which can be exploited to e.g. crash an application using the library by sending a specially crafted packet. 2) Joel Johnson has reported a vulnerability in Kerberos, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to an error in KDC within the "process_tgs_req()" function in kdc/do_tgs_req.c when validating or renewing tickets and can be exploited to trigger a double-free condition. Successful exploitation may allow execution of arbitrary code. 3) A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when processing certain Kerberos AP-REQ authenticators, which can be exploited to cause a crash in e.g. kadmind or other applications linked against the GSS-API library by sending an AP-REQ authenticator with a missing checksum field.
Package:mantis
Date:2011-08-24
Posted by:Miklos Vajna
Vulnerable version:1.2.5-1
Unaffected version:1.2.7-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4553
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2938
Description:A vulnerability has been discovered in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "project_id" parameter to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package:roundcube
Date:2011-08-23
Posted by:Miklos Vajna
Vulnerable version:0.3-2
Unaffected version:0.5.4-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4554
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2937
Description:A vulnerability has been reported in RoundCube Webmail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "_mbox" parameter to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package:xpdf
Date:2011-08-22
Posted by:Miklos Vajna
Vulnerable version:3.02-6
Unaffected version:3.02-7mores1
Bug tracker entry:http://bugs.frugalware.org/task/4236
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
Description:Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. 1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows. 2) An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow. 3) Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows. 4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.
Package:flashplugin
Date:2011-08-17
Posted by:Miklos Vajna
Vulnerable version:10.3.181.34-1
Unaffected version:10.3.183.5-1mores1
Bug tracker entry:http://bugs.frugalware.org/task/4545
CVEs:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2134 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2425
Description:Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) An error exists within a certain ActionScript function in the "flash.display" class when parsing certain parameters and can be exploited to corrupt memory and potentially execute arbitrary code. 4) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 6) An integer overflow error when handling the "scroll" method of the ActionScript Bitmap class can be exploited to corrupt memory. 7) An unspecified error can be exploited to disclose certain information from another domain. 8) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 9) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 10) An error within the "Setslot()" method when parsing a certain field from an SWF file can be exploited to cause a buffer overflow and potentially execute arbitrary code. 11) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 12) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 13) An error within the "Bitmapdata" class when parsing a certain field from an SWF file can be exploited to corrupt memory and potentially execute arbitrary code. 14) 80 unspecified errors of various types when parsing SWF file content may be exploited to corrupt memory.