Kiadások

frugalware-0.8 (Kalgan)
Mar 11, 2008

frugalware-0.7 (Sayshell)
Oct 13, 2007

frugalware-0.6 (Terminus)
Mar 22, 2007

frugalware-0.5 (Siwenna)
Sep 14, 2006

frugalware-0.4 (Wanda)
Mar 30, 2006

frugalware-0.3 (Trantor)
Oct 13, 2005

frugalware-0.2 (Aurora)
Apr 28, 2005

frugalware-0.1 (Genesis)
Nov 02, 2004

RSS

Adományok

Adományozzon, hogy segítse fejlesztési erőfeszítéseinket.

Legfrissebb csomagok
devel-extra/fwsetup
0.9.1-1-i686
devel-extra/fwsetup
0.9.1-1-x86_64
xorg-drivers/
 xf86-video-ati
6.8.0-2-i686
xorg-drivers/
 xf86-video-ati
6.8.0-2-x86_64
base/rp-pppoe
3.10-2-x86_64
base/rp-pppoe
3.10-2-i686
core/frugalware
0.9pre2-1-i686
core/frugalware
0.9pre2-1-x86_64
gnome-extra/
 monodevelop
0.18.1-3kalgan3-x86_64
xapps/firefox
2.0.0.15-1kalgan1-x86_64

RSS
Nyelvek
Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet | Váltson nyelvet
Információ
Go Frugalware, Go
Valid XHTML 1.0!
Valid CSS!
Valid RSS!
Szerver információk
Uptime:
67 nap 16 ó 16 p 43 mp
Frugalware Biztonsági Bejelentések (FSAk)
Ez a biztonsági bejelentések egy listája a Frugalware jelenlegi stabil verziójához
FSA485 - courier-authlib
Csomag:courier-authlib
Dátum:2008-07-02
Sebezhető verzió:0.60.2-1
Nem érintett verzió:0.60.6-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3180
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2667
Leírás:A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and e.g. potentially bypass authentication. Successful exploitation requires that a MySQL database is used for authentication and that a Non-Latin character set is selected.
FSA484 - xorg-server
Csomag:xorg-server
Dátum:2008-07-02
Sebezhető verzió:1.4.0.90-5
Nem érintett verzió:1.4.0.90-6kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3175
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2360 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2361 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2362
Leírás:Some vulnerabilities have been reported in X.org X11, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. 1) An integer overflow error when calculating the size of the glyph exists in the "AllocateGlyph()" function within the Render extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted request. 2) An integer overflow error when calculating the size of the glyph in the "ProcRenderCreateCursor()" function within the Render extension can be exploited to crash the X server via a specially crafted request. 3) An integer overflow error exists in the Render extension when parsing client requests for the "SProcRenderCreateLinearGradient", "SProcRenderCreateRadialGradient", or "SProcRenderCreateConicalGradient" functions and can be exploited to corrupt heap memory. 4) Multiple input validation errors in the "SProcSecurityGenerateAuthorization()", "SProcRecordCreateContext()", and "SProcRecordRegisterClients()" functions within the Record and Security extensions can be exploited to corrupt heap memory via specially crafted requests. Successful exploitation of vulnerabilities #1, #3, and #4 may allow execution of arbitrary code with privileges of the X server (typically root). 5) An integer overflow error when processing parameters to the "ShmPutImage()" request can be exploited to disclose arbitrary memory of the X server process.
FSA483 - apache
Csomag:apache
Dátum:2008-07-02
Sebezhető verzió:2.2.8-1
Nem érintett verzió:2.2.8-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3177
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
Leírás:A vulnerability has been reported in the Apache mod_proxy module, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "ap_proxy_http_process_response()" function when forwarding interim responses. This can be exploited to consume large amounts of memory by tricking mod_proxy into sending an overly large number of interim responses to the client.
FSA482 - net-snmp
Csomag:net-snmp
Dátum:2008-06-26
Sebezhető verzió:5.4.1-4kalgan1
Nem érintett verzió:5.4.1-4kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3142
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0960
Leírás:A vulnerability has been reported in Net-SNMP, which can be exploited by malicious people to spoof authenticated SNMPv3 packets. The vulnerability is caused due to an error within the verification of the HMAC digest. This can be exploited to increase the chance of successfully spoofing a packet to 1 in 256 by sending a specially crafted SNMPv3 packet with an incomplete 1 byte HMAC digest. Successful exploitation requires a valid username.
FSA481 - horde-webmail
Csomag:horde-webmail
Dátum:2008-06-26
Sebezhető verzió:1.1-1kalgan1
Nem érintett verzió:1.1.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3167
CVEk:There is no CVE for this issue, see http://lists.horde.org/archives/announce/2008/000420.html.
Leírás:Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to item names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 2) Input passed to contact views is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation requires valid user credentials. 3) Input passed to unspecified input is not properly sanitised before being returned to the user in the add event screen. This can be exploited to execute arbitrary HTML and script code in a user's browser session in contact of an affected site.
FSA480 - exiv2
Csomag:exiv2
Dátum:2008-06-26
Sebezhető verzió:0.16-1
Nem érintett verzió:0.16-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3135
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696
Leírás:A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash an application using the library. The vulnerability is caused due to a floating point exception within the pretty printing functionality when processing certain Nicon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when a image containing specially-crafted metadata is processed.
FSA479 - kernel
Csomag:kernel
Dátum:2008-06-24
Sebezhető verzió:2.6.24-4kalgan2
Nem érintett verzió:2.6.24-4kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3140
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1673
Leírás:A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error within the ASN.1 BER decoder of the cifs and ip_nat_snmp_basic modules when calculating the buffer size. This can be exploited to cause a crash or potentially execute arbitrary code by sending specially crafted BER encoded data to a vulnerable system.
FSA478 - xdvik
Csomag:xdvik
Dátum:2008-06-13
Sebezhető verzió:22.84.12-1
Nem érintett verzió:22.84.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3127
CVEk:There is no CVE for this issue, see http://xdvi.sourceforge.net/releases.html#22.84.14
Leírás:A security issue has been reported in xdvik, which can be exploited by malicious, local users. The vulnerability is caused by creating predictably named temporary files by using mktemp.
FSA477 - graphicsmagick
Csomag:graphicsmagick
Dátum:2008-06-13
Sebezhető verzió:1.1.12-1kalgan1
Nem érintett verzió:1.1.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3137
CVEk:There is no CVE for this issue, see: http://sourceforge.net/project/shownotes.php?release_id=604785 http://sourceforge.net/project/shownotes.php?release_id=604837
Leírás:Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) Two boundary errors exist within the "ReadPALMImage()" function in coders/palm.c. These can be exploited to cause a heap-based buffer underflow via a specially crafted PALM image. 2) A boundary error exists within the "DecodeImage()" function in coders/pict.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted PICT image. 3) Multiple unspecified errors within the processing of XCF, DPX, and CINEON images can be exploited to crash the application. Successful exploitation may allow execution of arbitrary code.
FSA476 - asterisk-addons
Csomag:asterisk-addons
Dátum:2008-06-13
Sebezhető verzió:1.4.4-1
Nem érintett verzió:1.4.7-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3136
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2543
Leírás:A vulnerability has been reported in Asterisk Addons, which can be exploited by malicious people to cause a DoS (Denial of Service). The problem is that the "ooh323" channel driver extracts memory addresses from incoming TCP packets and uses them in memory operations. This can be exploited to crash an affected application by sending a TCP packet containing invalid memory references.
FSA475 - samba
Csomag:samba
Dátum:2008-06-13
Sebezhető verzió:3.0.28-1
Nem érintett verzió:3.0.30-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3115
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
Leírás:Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser.
FSA474 - blender
Csomag:blender
Dátum:2008-06-13
Sebezhető verzió:2.45-1
Nem érintett verzió:2.45-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3039
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1102
Leírás:Secunia Research has discovered a vulnerability in Blender, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "imb_loadhdr()" function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Blender (*.blend) file containing a malicious Radiance RGBE image. Successful exploitation allows execution of arbitrary code.
FSA473 - libvorbis
Csomag:libvorbis
Dátum:2008-06-13
Sebezhető verzió:1.2.0-1
Nem érintett verzió:1.2.0-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3093
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1423
Leírás:Some vulnerabilities have been reported in libvorbis, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library. 1) An input validation error can be exploited to crash an application, cause an infinite loop, or to cause a heap overflow via a specially crafted OGG file containing a codebook dimension of "0". 2) An integer overflow error in the processing of residue partition values can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. 3) An integer overflow error exists in the computation of "quantvals" and of required space for "quantlist". This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. Successful exploitation may allow execution of arbitrary code.
FSA472 - emacs
Csomag:emacs
Dátum:2008-06-13
Sebezhető verzió:22.1-3kalgan1
Nem érintett verzió:22.1-3kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3086
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142
Leírás:Morten Welinder has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of fast-lock files (.flc) for corresponding source files. This can be exploited to execute arbitrary Emacs Lisp code when e.g. a source file is opened and a specially crafted fast-lock file exists in the same directory. Successful exploitation requires that "font-lock-support-mode" is set to "fast-lock-mode".
FSA471 - stunnel
Csomag:stunnel
Dátum:2008-06-13
Sebezhető verzió:4.21-1
Nem érintett verzió:4.24-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3122
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2420
Leírás:A security issue has been reported in Stunnel, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an unspecified error in the OCSP functionality and can lead to a revoked certificate being successfully authenticated.
FSA470 - imlib2
Csomag:imlib2
Dátum:2008-06-13
Sebezhető verzió:1.4.0-1
Nem érintett verzió:1.4.0-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3124
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426
Leírás:Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. 1) A boundary error exists within the "load()" function in src/modules/loaders/loader_pnm.c when processing the header of a PNM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PNM image in an application using the imlib2 library. Successful exploitation allows execution of arbitrary code. 2) A boundary error exists within the "load()" function in src/modules/loader_xpm.c when processing an XPM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM image in an application using the imlib2 library. Successful exploitation may allow execution of arbitrary code.
FSA469 - mrxvt
Csomag:mrxvt
Dátum:2008-06-13
Sebezhető verzió:0.5.3-1
Nem érintett verzió:0.5.3-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3090
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in mrxvt, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA468 - rxvt-unicode
Csomag:rxvt-unicode
Dátum:2008-06-13
Sebezhető verzió:9.02-1
Nem érintett verzió:9.02-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3089
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in rxvt-unicode, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA467 - aterm
Csomag:aterm
Dátum:2008-06-13
Sebezhető verzió:1.0.1-1
Nem érintett verzió:1.0.1-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3088
CVEk:There is no CVE for this issue.
Leírás:A security issue has been reported in aterm, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.
FSA466 - rxvt
Csomag:rxvt
Dátum:2008-06-13
Sebezhető verzió:2.6.4-2
Nem érintett verzió:2.7.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2925
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1142
Leírás:Bernhard R. Link has reported a security issue in rxvt, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program using ":0" as it's X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server.
FSA465 - net-snmp
Csomag:net-snmp
Dátum:2008-06-10
Sebezhető verzió:5.4.1-3
Nem érintett verzió:5.4.1-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3092
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2292
Leírás:A vulnerability has been reported in Net-snmp, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "__snprint_value()" function in perl/SNMP/SNMP.xs. This can be exploited to cause a buffer overflow in an application using the Net-snmp Perl module by tricking the user into connecting to a malicious SNMP agent.
FSA464 - horde-webmail
Csomag:horde-webmail
Dátum:2008-06-06
Sebezhető verzió:1.0.6-1kalgan1
Nem érintett verzió:1.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3120
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6018
Leírás:Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message.
FSA463 - openssl
Csomag:openssl
Dátum:2008-06-06
Sebezhető verzió:0.9.8-11
Nem érintett verzió:0.9.8-12kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3114
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0891 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1672
Leírás:Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A double-free error in the handling of server name extension data if "server_name" set to 0x00 can be exploited to crash a server application using OpenSSL by sending a specially crafted TLS 1.0 Client Hello packet. Successful exploitation requires that OpenSSL is compiled using the TLS server name extensions. 2) A NULL pointer dereference error can be exploited by a malicious server to crash a client application when the "Server Key exchange message" is omitted from a TLS handshake and anonymous Diffie-Hellman key exchange is used.
FSA462 - libxslt
Csomag:libxslt
Dátum:2008-05-26
Sebezhető verzió:1.1.22-2kalgan1
Nem érintett verzió:1.1.22-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3104
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1767
Leírás:A vulnerability has been reported in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of XSL style-sheet files. This can potentially be exploited to trigger the use of uninitialized memory in e.g. a call to "free()" when a specially crafted XSL file is being processed by an application using the library. Successful exploitation may allow execution of arbitrary code.
FSA461 - mysql
Csomag:mysql
Dátum:2008-05-26
Sebezhető verzió:5.0.51-2
Nem érintett verzió:5.0.51-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3075
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2079
Leírás:A security issue has been reported in MySQL, which can be exploited by malicious, local users to bypass certain security restrictions. The problem is that it is possible to bypass certain privilege checks by creating a MyISAM table with certain DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory.
FSA460 - seamonkey
Csomag:seamonkey
Dátum:2008-05-26
Sebezhető verzió:1.1.9-1kalgan1
Nem érintett verzió:1.1.9-1kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3021
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Leírás:A vulnerability has been reported in Mozilla SeaMonkey, which can potentially be exploited by malicious people to compromise a user's system. For more information, see FSA431.
FSA459 - django
Csomag:django
Dátum:2008-05-26
Sebezhető verzió:0.96.1-1
Nem érintett verzió:0.96.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3084
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2302
Leírás:A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user through the login form. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA458 - asterisk
Csomag:asterisk
Dátum:2008-05-26
Sebezhető verzió:1.4.17-1
Nem érintett verzió:1.4.19.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3077
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923
Leírás:A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.
FSA457 - kvm
Csomag:kvm
Dátum:2008-05-25
Sebezhető verzió:61-2
Nem érintett verzió:61-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3044
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Leírás:A vulnerability has been reported in KVM, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service). The error can be exploited by a guest to read arbitrary files on the host via a specially crafted disk header. For more information, see FSA455.
FSA456 - xemacs
Csomag:xemacs
Dátum:2008-05-25
Sebezhető verzió:21.4.21-1
Nem érintett verzió:21.4.21-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3041
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
Leírás:Some security issues have been reported in XEmacs, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the use of vulnerable GNU Emacs code. For more information, see FSA423.
FSA455 - qemu
Csomag:qemu
Dátum:2008-05-25
Sebezhető verzió:0.9.1-2
Nem érintett verzió:0.9.1-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3043
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
Leírás:A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.
FSA454 - chicken
Csomag:chicken
Dátum:2008-05-25
Sebezhető verzió:2.732-1
Nem érintett verzió:3.1.10-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3091
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674
Leírás:A vulnerability been reported in Chicken, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable version of the PCRE library.
FSA453 - gnutls
Csomag:gnutls
Dátum:2008-05-25
Sebezhető verzió:2.2.0-1
Nem érintett verzió:2.2.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3100
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
Leírás:Some vulnerabilities have been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) A boundary error exists in the processing "Client Hello" messages containing a "Server Name" extension. This can be exploited to cause a heap-based buffer overflow via a specially crafted TLS packet. Successful exploitation may allow execution of arbitrary code. 2) A NULL-pointer dereference error in the processing of TLS packets containing multiple "Client Hello" messages can be exploited to crash an affected application. 3) A signedness error exists within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c. This can be exploited to cause an out of bounds read and crash an affected application via specially crafted, encrypted TLS data.
FSA452 - graphicsmagick
Csomag:graphicsmagick
Dátum:2008-05-20
Sebezhető verzió:1.1.11-1
Nem érintett verzió:1.1.12-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3076
CVEk:There is no CVE for this issue, see http://sourceforge.net/project/shownotes.php?release_id=595544
Leírás:A security issue has been reported in GraphicsMagick, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the improper processing of file extensions and can be exploited to e.g. access X11 or to invoke certain delegate programs. Successful exploitation requires that a user is tricked into processing a malicious file with a specific file extension.
FSA451 - audacity
Csomag:audacity
Dátum:2008-05-20
Sebezhető verzió:1.3.3-2
Nem érintett verzió:1.3.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3080
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6061
Leírás:Viktor Griph has reported a security issue in Audacity, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to delete arbitrary files and directories. The security issue is caused due to the "AudacityApp::OnInit()" method in src/AudacityApp.cpp handling temporary files in an insecure manner. This can be exploited to delete arbitrary files and directories via symlink attacks, or to cause a deadlock.
FSA450 - pngcrush
Csomag:pngcrush
Dátum:2008-05-20
Sebezhető verzió:1.6.4-1
Nem érintett verzió:1.6.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3079
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Leírás:A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to disclose potentially sensitive information or potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code. For more information, see FSA434.
FSA449 - rdesktop
Csomag:rdesktop
Dátum:2008-05-20
Sebezhető verzió:1.5.0-2
Nem érintett verzió:1.6.0-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3078
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
Leírás:Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system. 1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow. 2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow. 3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.
FSA448 - php
Csomag:php
Dátum:2008-05-20
Sebezhető verzió:5.2.5-2
Nem érintett verzió:5.2.6-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3074
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
Leírás:Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) An unspecified error in the FastCGI SAPI can be exploited to cause a stack-based buffer overflow. 2) An error in the processing of multibyte characters within the "escapeshellcmd()" and "escapeshellarg()" functions can be exploited to escape the inserted backslash or quote characters via certain multibyte characters. Successful exploitation allows to bypass the "safe_mode_exec_dir" and "disable_functions" directives, and potentially to inject arbitrary shell commands via user controlled input, but requires that the shell uses a locale with a variable width character (e.g. GBK, EUC-KR, SJIS). 3) A vulnerability is caused due to an error during path translation in cgi_main.c. This can potentially be exploited to execute arbitrary code, but depends on how a targeted application is using PHP. 4) An error in cURL can be exploited to bypass the "safe_mode" directive. 5) A boundary error in PCRE can potentially be exploited by malicious people to cause a DoS or compromise a vulnerable system.
FSA447 - eterm
Csomag:eterm
Dátum:2008-05-15
Sebezhető verzió:0.9.4-2
Nem érintett verzió:0.9.4-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2918
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692
Leírás:A security issue has been reported in Eterm, which can be exploited by malicious, local users to gain escalated privileges. Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
FSA446 - kdelibs
Csomag:kdelibs
Dátum:2008-05-15
Sebezhető verzió:3.5.9-1
Nem érintett verzió:3.5.9-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3047
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
Leírás:A vulnerability has been reported in KDE, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. The vulnerability is caused due to an error in the start_kdeinit script (installed setuid root by default). This can be exploited to send signals to privileged processes, cause a DoS, or potentially execute arbitrary code in the context of the target process.
FSA445 - kernel
Csomag:kernel
Dátum:2008-05-15
Sebezhető verzió:2.6.24-4kalgan1
Nem érintett verzió:2.6.24-4kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3060
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1669
Leírás:A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when preventing race conditions between "fcntl_setlk()" and "close()" calls on SMP systems. This can be exploited to trigger the improper, reordered access to the file descriptor table and the "file_lock" structure of an inode, between threads running on different CPUs.
FSA444 - thunderbird
Csomag:thunderbird
Dátum:2008-05-15
Sebezhető verzió:2.0.0.12-1
Nem érintett verzió:2.0.0.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2906
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237
Leírás:Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system. For more information, see FSA407.
FSA443 - util-linux-ng
Csomag:util-linux-ng
Dátum:2008-05-15
Sebezhető verzió:2.13.1-1
Nem érintett verzió:2.13.1-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3046
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
Leírás:A weakness has been reported in util-linux-ng, which can be exploited by malicious people to manipulate certain data. The security issue is caused due to an error in login.c while logging login attempts. This can be exploited to inject e.g. an arbitrary address in the audit logs via a specially crafted username.
FSA442 - wordpress
Csomag:wordpress
Dátum:2008-05-15
Sebezhető verzió:2.3.3-2kalgan1
Nem érintett verzió:2.5.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3048
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2068
Leírás:Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system. 1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication mechanism and gain administrative access by setting a specially crafted cookie. This can further be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires that registering new accounts is enabled. The vulnerability is reported in version 2.5. 2) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA441 - kernel
Csomag:kernel
Dátum:2008-05-05
Sebezhető verzió:2.6.24-3
Nem érintett verzió:2.6.24-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3050
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1375
Leírás:A vulnerability has been reported in the Linux kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges. A race condition error exists in the dnotify subsystem between calls to "fcntl()" and "close()". This can be exploited to cause a system crash or potentially gain root privileges.
FSA440 - frugalwareutils
Csomag:frugalwareutils
Dátum:2008-05-05
Sebezhető verzió:0.7.9-1
Nem érintett verzió:0.7.9-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3052
CVEk:There is no CVE for this issue.
Leírás:A vulnerability has been reported in frugalwareutils, which can potentially be exploited by malicious people to cause a DoS on a vulnerable system. The vulnerability is caused due to creating new files as root without checking the current value of umask. Successful exploitation may allow execution of arbitrary code.
FSA439 - vorbis-tools
Csomag:vorbis-tools
Dátum:2008-05-05
Sebezhető verzió:1.1.1-3
Nem érintett verzió:1.1.1-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3032
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA438 - xine-lib
Csomag:xine-lib
Dátum:2008-05-05
Sebezhető verzió:1.1.11-1kalgan2
Nem érintett verzió:1.1.11-1kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3027
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
Leírás:Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "demux_nsf_send_chunk()" function in src/demuxers/demux_nsf.c. This can be exploited to cause a stack-based buffer overflow via an overly long NSF title.
FSA437 - xine-lib
Csomag:xine-lib
Dátum:2008-05-05
Sebezhető verzió:1.1.11-1kalgan2
Nem érintett verzió:1.1.11-1kalgan3
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3010
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the use of vulnerable libfishsound; an input validation error when processing Speex headers, which can be exploited via a specially crafted Speex stream containing a negative "modeID" field in the header. Successful exploitation may allow execution of arbitrary code.
FSA436 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-04-25
Sebezhető verzió:2.11.5.1-1kalgan1
Nem érintett verzió:2.11.5.2-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3035
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1924
Leírás:A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose arbitrary files via a specially crafted HTTP POST request. Successful exploitation requires a certain level of access e.g. on a shared host.
FSA435 - openssh
Csomag:openssh
Dátum:2008-04-25
Sebezhető verzió:4.7p1-4kalgan1
Nem érintett verzió:4.7p1-4kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2961
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1657
Leírás:A weakness has been reported in OpenSSH, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to the improper implementation of the "ForceCommand" directive. This can be exploited to execute arbitrary commands via the ~/.ssh/rc file even if a "ForceCommand" directive is in effect.
FSA434 - libpng
Csomag:libpng
Dátum:2008-04-25
Sebezhető verzió:1.2.24-1
Nem érintett verzió:1.2.24-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3013
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
Leírás:Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, or potentially compromise an application using the library. The vulnerability is caused due to the improper handling of PNG chunks unknown to the library. This can be exploited to trigger the use of uninitialized memory in e.g. a "free()" call via unknown PNG chunks having a length of zero. Successful exploitation may allow execution of arbitrary code, but requires that the application calls the "png_set_read_user_chunk_fn()" function or the "png_set_keep_unknown_chunks()" function under specific conditions.
FSA433 - cups
Csomag:cups
Dátum:2008-04-25
Sebezhető verzió:1.3.6-2kalgan1
Nem érintett verzió:1.3.6-2kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3012
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1722
Leírás:Thomas Pollet has reported a vulnerability in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to two integer overflow errors in filter/image-png.c when processing PNG files. These can be exploited to cause a heap-based buffer overflow via overly large width and height PNG fields. Successful exploitation may allow execution of arbitrary code.
FSA432 - clamav
Csomag:clamav
Dátum:2008-04-25
Sebezhető verzió:0.92.1-1
Nem érintett verzió:0.93-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3014
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1833 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1835 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1836 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1837
Leírás:Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to bypass certain security restrictions, to cause a DoS (Denial of Service), or to compromise a vulnerable system. 1) A boundary error exists within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable. Successful exploitation allows execution of arbitrary code. 2) A boundary error within the processing of PeSpin packed executables in libclamav/spin.c can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. 3) An unspecified error in the processing of ARJ files can be exploited to hang ClamAV. 4) A boundary error within the processing of WWPack packed PE files in libclamav/pe.c can be exploited to cause a heap corruption. Successful exploitation may allow execution of arbitrary code. 5) An error in the processing of RAR files can be exploited to bypass the scanning mechanism via a RAR file containing an invalid version number. 6) An error exists within the "rfc2231()" function in message.c. This can be exploited to trigger the return of strings that are not NULL terminated and cause a crash. 7) An error in libclamunrar can be exploited to crash the application via specially crafted RAR files.
FSA431 - firefox
Csomag:firefox
Dátum:2008-04-25
Sebezhető verzió:2.0.0.13-1kalgan1
Nem érintett verzió:2.0.0.14-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3022
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1380
Leírás:A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Javascript Garbage Collector and can be exploited to cause a memory corruption via specially crafted Javascript code. Successful exploitation may allow execution of arbitrary code.
FSA430 - sweep
Csomag:sweep
Dátum:2008-04-25
Sebezhető verzió:0.9.2-2
Nem érintett verzió:0.9.2-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3025
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in sweep, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA429 - vlc
Csomag:vlc
Dátum:2008-04-25
Sebezhető verzió:0.8.6-12kalgan1
Nem érintett verzió:0.8.6-12kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3024
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in vlc, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA428 - sdl_sound
Csomag:sdl_sound
Dátum:2008-04-25
Sebezhető verzió:1.0.1-4
Nem érintett verzió:1.0.1-5kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3026
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in sdl_sound, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA427 - gst-plugins-good
Csomag:gst-plugins-good
Dátum:2008-04-25
Sebezhető verzió:0.10.7-1
Nem érintett verzió:0.10.7-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3031
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:A vulnerability has been reported in gst-plugins-good, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information, see FSA426.
FSA426 - speex
Csomag:speex
Dátum:2008-04-25
Sebezhető verzió:1.2beta3-1
Nem érintett verzió:1.2beta3-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3023
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1686
Leírás:The reference speex decoder from the Speex library is performing insufficient boundary checks on a header structure read from user input. A user controlled field in the header structure is used to build a function pointer. The reference speex decoder does not check for negative values for the field, allowing the function pointer to be pointed at an arbitary position in memory. This allows remote code execution.
FSA425 - mailman
Csomag:mailman
Dátum:2008-04-25
Sebezhető verzió:2.1.9-2
Nem érintett verzió:2.1.9-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3020
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0564
Leírás:A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious website is accessed. Successful exploitation requires list administrator privileges.
FSA424 - comix
Csomag:comix
Dátum:2008-04-14
Sebezhető verzió:3.6.4-1
Nem érintett verzió:3.6.4-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2923
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1568
Leírás:A vulnerability has been reported in Comix, which can be exploited by malicious people to compromise a user's sytem. The vulnerability is caused due to the improper verification of received filenames when executing the rar, unrar, or jpegtran programs. This can be exploited to execute arbitrary commands via a file containing shell metacharacters within the filename.
FSA423 - emacs
Csomag:emacs
Dátum:2008-04-14
Sebezhető verzió:22.1-2
Nem érintett verzió:22.1-3kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/3006
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1694
Leírás:Steve Grubb discovered that vcdiff script as shipped with Emacs uses temporary files insecurely, which makes it possible for local attacker to conduct a symlink attack and make the victim overwrite arbitrary file.
FSA422 - vlc
Csomag:vlc
Dátum:2008-04-14
Sebezhető verzió:0.8.6-11
Nem érintett verzió:0.8.6-12kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2904
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
Leírás:Some vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "MP4_ReadBox_rdrf()" function in modules/demux/mp4/libmp4.c can be exploited to cause a heap-based buffer overflow via e.g. a MP4 file with a specially crafted RDRF atom. 2) A boundary error within the "sdpplin_parse()" function in modules/access/rtsp/real_sdpplin.c can be exploited to overwrite arbitrary memory regions. 3) Two integer overflow errors within the "cinepak_decode_frame()" function in modules/codec/cinepak.c can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
FSA421 - sdlimage
Csomag:sdlimage
Dátum:2008-04-14
Sebezhető verzió:1.2.6-1
Nem érintett verzió:1.2.6-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2916
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6697 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0544
Leírás:Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A boundary error within the "LWZReadByte()" function in IMG_gif.c can be exploited to trigger the overflow of a static buffer via a specially crafted GIF file. 2) A boundary error within the "IMG_LoadLBM_RW()" function in IMG_lbm.c can be exploited to cause a heap-based buffer overflow via a specially crafted IFF ILBM file.
FSA420 - flashplugin
Csomag:flashplugin
Dátum:2008-04-14
Sebezhető verzió:9.0.115.0-1
Nem érintett verzió:9.0.124.0-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2959
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Leírás:Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system. 1) A boundary error exists in the processing of "Declare Function (V7)" tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags. 2) An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. 3) Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks. 4) An error when sending HTTP headers can be exploited to bypass cross-domain policy files. 5) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files. 6) Input passed to unspecified parameters when handling e.g. the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.
FSA419 - gnome-screensaver
Csomag:gnome-screensaver
Dátum:2008-04-14
Sebezhető verzió:2.20.0-1
Nem érintett verzió:2.20.0-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2931
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0887
Leírás:A weakness and a security issue have been reported in gnome-screensaver, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions. 1) A weakness is caused due to the "Leave message" feature allowing attackers to e.g. paste the contents of the clipboard of the user who's screen is currently locked, which can be exploited to disclose potentially sensitive information. 2) A security issue is caused due to an error if the NIS authentication method is used. This can be exploited to bypass the authentication check and unlock the screen if the NIS server is not reachable.
FSA418 - mtr
Csomag:mtr
Dátum:2008-04-14
Sebezhető verzió:0.72-1
Nem érintett verzió:0.73-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2956
CVEk:There is no CVE for this issue.
Leírás:David Leadbeater has reported a vulnerability in mtr, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to mtr not properly limiting the length of some buffers.
FSA417 - xine-lib
Csomag:xine-lib
Dátum:2008-04-14
Beküldte:vmiklos
Sebezhető verzió:1.1.11-1kalgan1
Nem érintett verzió:1.1.11-1kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2892
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
Leírás:Luigi Auriemma has reported some vulnerabilities in xine-lib, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors when allocating memory in src/demuxers/demux_flv.c, src/demuxers/demux_qt.c, src/demuxers/demux_real.c, src/demuxers/demux_wc3movie.c, src/demuxers/ebml.c, and src/demuxers/demux_film.c. These can be exploited to cause heap-based buffer overflows via overly large fields included in e.g. FLV, MOV, RM, MVE, MKV, and CAK files.
FSA416 - pdns-recursor
Csomag:pdns-recursor
Dátum:2008-04-14
Beküldte:vmiklos
Sebezhető verzió:3.1.4-3
Nem érintett verzió:3.1.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2924
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637
Leírás:Amit Klein has reported a vulnerability in PowerDNS Recursor, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the application using predictable standard C library functions to generate random numbers (e.g. "rand()" and "srand()"), which are then used to create the transaction ID (TRXID) and UDP source port. This can be exploited to poison the DNS cache by guessing the transaction TRXID and the UDP source port.
FSA415 - m4
Csomag:m4
Dátum:2008-04-14
Beküldte:vmiklos
Sebezhető verzió:1.4.10-1
Nem érintett verzió:1.4.10-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2963
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1688
Leírás:A vulnerability and a security issue have been reported in GNU M4, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user's system. 1) A format string error exists within the "produce_frozen_state()" function in src/freeze.c. This can be exploited via a specially crafted filename passed as a parameter to "m4 -F". Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into processing a filename containing malicious format specifiers. 2) An error within the implementation of the "maketemp" and "mkstemp" macros can potentially be exploited to trigger the processing of improper files via special characters contained in the output string.
FSA414 - lighttpd
Csomag:lighttpd
Dátum:2008-04-14
Beküldte:vmiklos
Sebezhető verzió:1.4.19-1kalgan1
Nem érintett verzió:1.4.19-1kalgan2
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2922
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1531
Leírás:A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.
FSA413 - python
Csomag:python
Dátum:2008-04-12
Beküldte:vmiklos
Sebezhető verzió:2.5.2-1
Nem érintett verzió:2.5.2-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2954
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1679
Leírás:David Remahl has discovered a security issue in the imageop module for Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The security issue is caused due to an incomplete fix (see FSA295) and can be exploited to cause a heap-based buffer overflow when specially crafted parameters are passed to the function. Successful exploitation may allow execution of arbitrary code.
FSA412 - cups
Csomag:cups
Dátum:2008-04-12
Beküldte:vmiklos
Sebezhető verzió:1.3.6-1
Nem érintett verzió:1.3.6-2kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2962
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1373
Leírás:Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) A boundary error exists within the "cgiCompileSearch()" function in cgi-bin/search.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted IPP request. Successful exploitation may allow execution of arbitrary code, but requires that the vulnerable system is sharing printers on the network. NOTE: If printer sharing is disabled, the vulnerability can only be exploited by malicious, local users. 2) A boundary error exists within the "gif_read_image()" function in filter/image-gif.c. This can be exploited to cause a buffer overflow via overly large "code_size" values in GIF image files. Successful exploitation may allow execution of arbitrary code.
FSA411 - opera
Csomag:opera
Dátum:2008-04-12
Beküldte:vmiklos
Sebezhető verzió:9.26-1
Nem érintett verzió:9.27-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2930
CVEk:There is no CVE for this issue, see: http://www.opera.com/support/search/view/881/ http://www.opera.com/support/search/view/882/
Leírás:Some vulnerabilities have been reported in Opera, which potentially can be exploited by malicious people to compromise a user's system. 1) An error when prompting the user to add a newsfeed can be exploited to cause an invalid memory access via a specially crafted newsfeed source. 2) An error exists in the processing of HTML CANVAS elements. This can be exploited to cause a memory corruption via specially crafted scaled pattern images. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
FSA410 - gnupg2
Csomag:gnupg2
Dátum:2008-04-10
Beküldte:voroskoi
Sebezhető verzió:2.0.8-1
Nem érintett verzió:2.0.9-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2905
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1530
Leírás:A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import. Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.
FSA409 - gnupg
Csomag:gnupg
Dátum:2008-04-10
Beküldte:voroskoi
Sebezhető verzió:1.4.8-1
Nem érintett verzió:1.4.9-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2905
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1530
Leírás:A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via --refresh-keys or --import. Successful exploitation potentially allows execution of arbitrary code, but has not been proven yet.
FSA408 - wireshark
Csomag:wireshark
Dátum:2008-04-04
Beküldte:vmiklos
Sebezhető verzió:0.99.8-1
Nem érintett verzió:1.0.0-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2915
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1561 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1562 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1563
Leírás:Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors in the X.509sat, Roofnet, LDAP, and SCCP dissectors. These can be exploited to cause the application to crash when processing specially crafted packets that are either captured off the wire or loaded via a capture file.
FSA407 - seamonkey
Csomag:seamonkey
Dátum:2008-04-04
Beküldte:vmiklos
Sebezhető verzió:1.1.8-1
Nem érintett verzió:1.1.9-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2908
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
Leírás:Some vulnerabilities and weaknesses have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system. For more information, please see FSA406.
FSA406 - firefox
Csomag:firefox
Dátum:2008-04-04
Beküldte:vmiklos
Sebezhető verzió:2.0.0.12-1
Nem érintett verzió:2.0.0.13-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2907
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4879 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1233 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1234 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1235 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1236 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1237 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1241
Leírás:Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system. 1) An unspecified error in the handling of "XPCNativeWrappers" can lead to the execution of arbitrary Javascript code with the user's privileges via "setTimeout()" calls. 2) Various errors in the handling of Javascript code can be exploited to conduct cross-site scripting attacks or execute arbitrary code. 3) Various errors in the layout engine can be exploited to cause a memory corruption. 4) Various errors in the Javascript engine can be exploited to cause a memory corruption. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. 5) An error within the handling of HTTP "Referer:" headers sent with requests to URLs containing "Basic Authentication" credentials having an empty username can be exploited to bypass cross-site request forgery protections. 6) The problem is that Firefox offers a previously configured private SSL certificate when establishing connections to webservers requesting SSL Client Authentication. This can potentially be exploited to disclose sensitive information via a malicious webserver. 7) An error in the handling of the "jar:" protocol can be exploited to establish connections to arbitrary ports on the local machine. 8) An error when displaying XUL pop-up windows can be exploited to hide the window's borders and facilitate phishing attacks.
FSA405 - openssh
Csomag:openssh
Dátum:2008-04-01
Beküldte:vmiklos
Sebezhető verzió:4.7p1-3
Nem érintett verzió:4.7p1-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2911
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
Leírás:A vulnerability has been discovered in OpenSSH, which can be exploited by malicious, local users to disclose sensitive information. The vulnerability is caused due to sshd improperly binding TCP ports on the local IPV6 interface if required ports on the IPV4 interface are in use. This can be exploited by a malicious, local user to intercept an X11 forwarding session by listening to a port used by sshd to forward the local X11 display (e.g. port 6010/TCP).
FSA404 - phpmyadmin
Csomag:phpmyadmin
Dátum:2008-04-01
Beküldte:vmiklos
Sebezhető verzió:2.11.5-1
Nem érintett verzió:2.11.5.1-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2917
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1567
Leírás:im Hermann has discovered a vulnerability in phpMyAdmin, which can potentially be exploited by malicious users to disclose sensitive information. The MySQL username, password, and the Blowfish secret key are stored as plain text in session files. This can potentially be exploited e.g. by users on shared hosts to access that information.
FSA403 - horde-webmail
Csomag:horde-webmail
Dátum:2008-04-01
Beküldte:vmiklos
Sebezhető verzió:1.0.5-1
Nem érintett verzió:1.0.6-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2910
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1284
Leírás:A vulnerability has been reported in various Horde products, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system. Input passed to the "theme" parameter is not properly sanitised before being used. This can be exploited to include arbitrary files from local resources, using directory traversal attacks and URL-encoded NULL bytes ("%00"). NOTE: Other attack vectors are also reported to exist. Successful exploitation may allow execution of arbitrary code, but requires valid user credentials.
FSA402 - mplayer
Csomag:mplayer
Dátum:2008-04-01
Beküldte:vmiklos
Sebezhető verzió:1.0rc2-3
Nem érintett verzió:1.0rc2-4kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2913
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558
Leírás:k`sOSe has discovered a vulnerability in MPlayer, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in the "sdpplin_parse()" function in stream/realrtsp/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "StreamCount" SDP parameter. Successful exploitation may allow execution of arbitrary code.
FSA401 - j2sdk
Csomag:j2sdk
Dátum:2008-04-01
Beküldte:vmiklos
Sebezhető verzió:6-7
Nem érintett verzió:6-8kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2845
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1185 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1186 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1196
Leírás:Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to cause a DoS (Denial of Service), to bypass certain security restrictions, or to compromise a vulnerable system. 1) Two unspecified errors in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications. 2) An unspecified error in the Java Runtime Environment (JRE) when processing XSLT transformations can be exploited by untrusted applets or applications to e.g. read certain URL resources or potentially execute arbitrary code. 3) A boundary error exists in the "useEncodingDecl()" function when parsing the xml header character encoding attribute. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing an overly long charset name in the xml header. 4) A boundary error exists in the "useEncodingDecl()" function when processing xml-based JNLP files for UTF8 characters. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing overly long key name in the xml header. 5) A boundary error exist in Java Web Start, which can be exploited e.g. by an untrusted Java Web Start application to read and write local files and execute local applications. 6) An unspecified error in Java Web Start can be exploited by a malicious, untrusted applet to read and write local files or execute local applications. 7) An unspecified error in Java Web Start can be exploited by an untrusted Java Web Start application to create files on the system and run local applications with the privileges of the user running the untrusted Java Web Start application. 8) An unspecified error in the Java Plug-in can be exploited by an applet to bypass the same origin policy and to execute local applications. 9) Some errors in the Java Runtime Environment image parsing library within the processing of ICC profiles can be exploited to crash the JVM or to write local files and execute local applications. 10) An error in the Java Runtime Environment may allow java script code within a browser to make connections through Java APIs to network services on the local system. 11) A boundary error exists in Java Web Start in the processing of JNLP files, which can be exploited to cause a stack-based buffer overflow when a user visits a malicious web site.
FSA400 - bzip2
Csomag:bzip2
Dátum:2008-03-27
Beküldte:voroskoi
Sebezhető verzió:1.0.4-1
Nem érintett verzió:1.0.5-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2903
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1372
Leírás:A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of malformed archives and can potentially be exploited to cause a DoS.
FSA399 - xine-lib
Csomag:xine-lib
Dátum:2008-03-24
Beküldte:vmiklos
Sebezhető verzió:1.1.10.1-1
Nem érintett verzió:1.1.11-1kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2887
CVEk:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
Leírás:Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "sdpplin_parse()" function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "streamid" SDP parameter included in a malicious RTSP stream. Successful exploitation allows execution of arbitrary code.
FSA398 - tetex
Csomag:tetex
Dátum:2008-03-24
Beküldte:vmiklos
Sebezhető verzió:3.0-12
Nem érintett verzió:3.0-13kalgan1
Hibákövető rendszer bejegyzés:http://bugs.frugalware.org/task/2592
CVEk:http://cve.mitre.org/cgi-bin/cvename.