Frugalware Security Announcements (FSAs)
This is a list of security announcements for the current stable version of Frugalware.
Package: drupal6-webform
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 6.x_3.15-1
Unaffected version: 6.x_3.17-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4671
CVEs: none
Description: A security issue and a vulnerability have been reported in drupal6-webform, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
Package: phpmyadmin
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 3.4.9-1
Unaffected version: 3.4.10.1-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4659
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1190
Description: A security issue and a vulnerability have been reported in phpmyadmin, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) It was possible to conduct XSS using a crafted database name.
Package: thunderbird
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 10.0-1
Unaffected version: 10.0.2-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4663
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description: A security issue and a vulnerability have been reported in thunderbird, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package: chromium-browser
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 16.0.912.63-2
Unaffected version: 17.0.963.47-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4664
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description: A security issue and a vulnerability have been reported in chromium-browser, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package: firefox
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 10.0-1
Unaffected version: 10.0.2-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4662
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026
Description: A security issue and a vulnerability have been reported in firefox, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Package: flashplugin
Date: 2012-03-08
Submitted by: James Buren
Vulnerable version: 11.1.102.55-1
Unaffected version: 11.1.102.63-fermus1
Bug tracker entry: https://bugs.frugalware.org/ticket/4673
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0768 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0769
Description: A security issue and a vulnerability have been reported in flashplugin, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2) Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
Package: drupal6
Date: 2012-02-05
Submitted by: Miklos Vajna
Vulnerable version: 6.22-1
Unaffected version: 6.24-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4654
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827
Description: A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted.
Package: drupal7
Date: 2012-02-05
Submitted by: Miklos Vajna
Vulnerable version: 7.7-1
Unaffected version: 7.12-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4655
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0825 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0826 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0827
Description: A security issue and a vulnerability have been reported in Drupal, which can be exploited by malicious people to manipulate certain data and bypass certain security restrictions. 1) The security issue is caused due to the OpenID module not properly verifying the signature of Attribute Exchange (AX) information, which can be exploited to manipulate AX information. 2) An error in the File module when using certain field access modules can be exploited to download private files which would otherwise be restricted.
Package: wireshark
Date: 2012-02-05
Submitted by: Miklos Vajna
Vulnerable version: 1.6.3-1mores1
Unaffected version: 1.6.5-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4650
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0043 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0066 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0067 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0068
Description: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. 1) NULL pointer dereference errors when reading certain packet information can be exploited to cause a crash. 2) An error within the RLC dissector can be exploited to cause a buffer overflow via a specially crafted RLC packet capture file. Successful exploitation of this vulnerability may allow execution of arbitrary code. 3) An error within the "lanalyzer_read()" function (wiretap/lanalyzer.c) when parsing LANalyzer files can be exploited to cause a heap-based buffer underflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. NOTE: A weakness within the file parser, which can lead to a crash when handling capture files, has also been reported.
Package: wordpress
Date: 2012-02-05
Submitted by: Miklos Vajna
Vulnerable version: 3.2.1-1
Unaffected version: 3.3.1-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4644
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0287
Description: Aditya Modha and Samir Shah discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to e.g. wp-comments-post.php is not properly sanitised within the "wp_guess_url()" function in wp-includes/functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package: phpmyadmin
Date: 2012-02-05
Submitted by: Miklos Vajna
Vulnerable version: 3.4.8-1mores1
Unaffected version: 3.4.9-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4643
CVEs: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4780
Description: Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.
Package: phpmyadmin
Date: 2011-12-23
Submitted by: Miklos Vajna
Vulnerable version: 3.4.7.1-1mores1
Unaffected version: 3.4.8-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4640
CVEs: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4634
Description: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.
Package: roundcube
Date: 2011-12-23
Submitted by: Miklos Vajna
Vulnerable version: 0.5.4-1mores1
Unaffected version: 0.7-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4642
CVEs: No CVE, see http://sourceforge.net/news/?group_id=139281&id=305129.
Description: Besides fixing bugs, the developers added some security improvements which will protect Roundcube users from XSS and clickjacking attacks.
Package: wireshark
Date: 2011-12-23
Submitted by: Miklos Vajna
Vulnerable version: 1.6.2-1mores1
Unaffected version: 1.6.3-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4633
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4102
Description: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash. 2) A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash. 3) An error within the ERF file parser can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code.
Package: drupal6-views
Date: 2011-12-23
Submitted by: Miklos Vajna
Vulnerable version: 6.x_2.12-2
Unaffected version: 6.x_2.14-1mores1
Bug tracker entry: https://bugs.frugalware.org/ticket/4632
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4113
Description: A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain filters or arguments on certain types of views is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Package: libreoffice
Date: 2011-10-06
Submitted by: Miklos Vajna
Vulnerable version: 3.4.2.3-1
Unaffected version: 3.4.3.2-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4609
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
Description: Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer where custom crafted documents trigger out of bounds behaviour. Thanks to Huzaifa Sidhpurwala of Red Hat Security Team for reporting this vulnerability.
Package: django
Date: 2011-09-17
Submitted by: Miklos Vajna
Vulnerable version: 1.3-2
Unaffected version: 1.3.1-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4590
CVEs: No CVE, see https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
Description: Some vulnerabilities have been reported in Django, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). 1) An error within the handling of sessions within django.contrib.sessions when using the caching backend can be exploited to manipulate session information. Successful exploitation requires that the session key is known and the application allows attackers to store dictionary-like objects with a valid session key in the cache. 2) An error when verifying if URLs provided to the "URLField" field type correctly resolve can be exploited to exhaust all of the server's processes and memory by providing a URL to a malicious server. 3) An error within the handling of redirect responses when verifying URLs provided to the "URLField" field type can be exploited to e.g. determine the existence of local files on the server by returning a redirect response to a "file://" URL. 4) An error within the handling of the "X-Forwarded-Host" HTTP header when e.g. generating full URLs for redirect responses can be exploited to conduct cache poisoning attacks.
Package: librsvg
Date: 2011-09-13
Submitted by: Miklos Vajna
Vulnerable version: 2.34.0-1
Unaffected version: 2.34.1-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4582
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146
Description: A vulnerability has been reported in librsvg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error within the handling of node types, which can be exploited to dereference invalid memory via specially crafted SVG images.
Package: mantis
Date: 2011-09-09
Submitted by: Miklos Vajna
Vulnerable version: 1.2.7-1mores1
Unaffected version: 1.2.8-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4586
CVEs: No CVE, see https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html
Description: Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system. 1) Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "action" parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Note: In combination with MantisBT's file upload functionality, this can be exploited to execute arbitrary PHP code. 3) Input passed to the "os", "os_build", and "platform" parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package: apache
Date: 2011-09-07
Submitted by: Miklos Vajna
Vulnerable version: 2.2.19-2mores1
Unaffected version: 2.2.20-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4571
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Description: Kingcope has discovered a vulnerability in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the ByteRange filter when processing requests containing a large amount of ranges, which can be exploited to exhaust memory via specially crafted HTTP requests sent to the server.
Package: foomatic-filters
Date: 2011-09-03
Submitted by: Miklos Vajna
Vulnerable version: 4.0.1-5
Unaffected version: 4.0.1-6mores1
Bug tracker entry: http://bugs.frugalware.org/task/4556
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2924
Description: It was found that the foomatic-rip filter used an insecurely created temporary file for storage of PostScript data by rendering the data, intended to be sent to the PostScript filter, when the debug mode was enabled. A local attacker could use this flaw to conduct symlink attacks (overwrite arbitrary file accessible with the privileges of the user running the foomatic-rip universal print filter).
Package: phpmyadmin
Date: 2011-08-29
Submitted by: Miklos Vajna
Vulnerable version: 3.4.3.2-1
Unaffected version: 3.4.4-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4567
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3181
Description: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed to table, column, and index names is not properly sanitised before being used in the Tracking feature. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
Package: stunnel
Date: 2011-08-28
Submitted by: Miklos Vajna
Vulnerable version: 4.39-1
Unaffected version: 4.42-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4552
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2940
Description: A vulnerability has been reported in Stunnel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to corrupt heap memory.
Package: krb5
Date: 2011-08-27
Submitted by: Miklos Vajna
Vulnerable version: 1.7-6
Unaffected version: 1.7.2-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4256
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
Description: 1) A vulnerability has been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error within the "spnego_gss_accept_sec_context()" function in src/lib/gssapi/spnego/spnego_mech.c when receiving an invalid packet, which can be exploited to e.g. crash an application using the library by sending a specially crafted packet. 2) Joel Johnson has reported a vulnerability in Kerberos, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to an error in KDC within the "process_tgs_req()" function in kdc/do_tgs_req.c when validating or renewing tickets and can be exploited to trigger a double-free condition. Successful exploitation may allow execution of arbitrary code. 3) A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when processing certain Kerberos AP-REQ authenticators, which can be exploited to cause a crash in e.g. kadmind or other applications linked against the GSS-API library by sending an AP-REQ authenticator with a missing checksum field.
Package: mantis
Date: 2011-08-24
Submitted by: Miklos Vajna
Vulnerable version: 1.2.5-1
Unaffected version: 1.2.7-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4553
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2938
Description: A vulnerability has been discovered in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "project_id" parameter to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package: roundcube
Date: 2011-08-23
Submitted by: Miklos Vajna
Vulnerable version: 0.3-2
Unaffected version: 0.5.4-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4554
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2937
Description: A vulnerability has been reported in RoundCube Webmail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "_mbox" parameter to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Package: xpdf
Date: 2011-08-22
Submitted by: Miklos Vajna
Vulnerable version: 3.02-6
Unaffected version: 3.02-7mores1
Bug tracker entry: http://bugs.frugalware.org/task/4236
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609
Description: Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system. 1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows. 2) An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow. 3) Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows. 4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.
Package: flashplugin
Date: 2011-08-17
Submitted by: Miklos Vajna
Vulnerable version: 10.3.181.34-1
Unaffected version: 10.3.183.5-1mores1
Bug tracker entry: http://bugs.frugalware.org/task/4545
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2130 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2134 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2135 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2136 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2137 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2139 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2140 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2424 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2425
Description: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 2) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) An error exists within a certain ActionScript function in the "flash.display" class when parsing certain parameters and can be exploited to corrupt memory and potentially execute arbitrary code. 4) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 6) An integer overflow error when handling the "scroll" method of the ActionScript Bitmap class can be exploited to corrupt memory. 7) An unspecified error can be exploited to disclose certain information from another domain. 8) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 9) An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. 10) An error within the "Setslot()" method when parsing a certain field from an SWF file can be exploited to cause a buffer overflow and potentially execute arbitrary code. 11) An integer overflow error within a certain ActionScript function can be exploited to corrupt memory and potentially execute arbitrary code. 12) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 13) An error within the "Bitmapdata" class when parsing a certain field from an SWF file can be exploited to corrupt memory and potentially execute arbitrary code. 14) 80 unspecified errors of various types when parsing SWF file content may be exploited to corrupt memory.
© 2003-2011. The Frugalware Developer Team