Frugalware Security Announcements (FSAs)

This is a list of security announcments that have been released for the current stable version of Frugalware

freetype2

  • Author: kikadf
  • Vulnerable: 2.4.11-1
  • Unaffected: 2.4.11-2rigel1

Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed font files.

CVEs:

sudo

  • Author: kikadf
  • Vulnerable: 1.8.9-1
  • Unaffected: 1.8.12-1rigel2

Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user’s environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The later could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.

vlc

  • Author: kikadf
  • Vulnerable: 2.0.9-5
  • Unaffected: 2.0.9-6rigel2

The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible integer underflow when using this length value in a call to memcpy(). The MP4 demuxer, when parsing string boxes, did not properly check that the conversion of the box length from 64bit integer to 32bit integer on 32bit platforms did not cause a truncation, leading to a possible buffer overflow. The MP4 demuxer, when parsing string boxes, did not properly check the length of the box, leading to a possible buffer overflow. The Dirac and Schroedinger encoders did not properly check for an integer overflow on 32bit platforms, leading to a possible buffer overflow.

postgresql

  • Author: kikadf
  • Vulnerable: 9.1.12-1
  • Unaffected: 9.1.15-1rigel2

A user with limited clearance on a table might have access to information in columns without SELECT rights on through server error messages. The function to_char() might read/write past the end of a buffer. This might crash the server when a formatting template is processed. The pgcrypto module is vulnerable to stack buffer overrun that might crash the server. Emil Lenngren reported that an attacker can inject SQL commands when the synchronization between client and server is lost.

binutils

  • Author: kikadf
  • Vulnerable: 2.24-4
  • Unaffected: 2.24-5rigel1

Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive.

dbus

  • Author: kikadf
  • Vulnerable: 1.8.2-4
  • Unaffected: 1.8.2-5rigel1

Simon McVittie discovered a local denial of service flaw in dbus, an asynchronous inter-process communication system. On systems with systemd-style service activation, dbus-daemon does not prevent forged ActivationFailure messages from non-root processes.

CVEs: