Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
Author: kikadf
Vulnerable: 1.6.1-3arcturus2
Unaffected: 1.6.1-3arcturus3
Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
Author: kikadf
Vulnerable: 6.31-1arcturus1
Unaffected: 6.32-1arcturus1
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
CVEs: https://www.drupal.org/SA-CORE-2014-003
Author: kikadf
Vulnerable: 7.22-2arcturus2
Unaffected: 7.22-2arcturus3
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
CVEs: https://www.drupal.org/SA-CORE-2014-003
Author: kikadf
Vulnerable: 2.11-1
Unaffected: 2.11-2arcturus1
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. It was discovered that Libtasn1 incorrectly handled negative bit lengths.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3467 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3468 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3469
Author: kikadf
Vulnerable: 3.2.13-1
Unaffected: 3.2.13-2arcturus1
Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
Author: kikadf
Vulnerable: 0.8.4-3
Unaffected: 0.8.13-1arcturus1
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7177
Author: kikadf
Vulnerable: 5.14-2arcturus2
Unaffected: 5.14-2arcturus3
Mike Frysinger discovered that the file awk script detector used multiple wildcards with unlimited repetitions. Francisco Alonso discovered that file incorrectly handled certain CDF documents. Jan Kaluža discovered that file did not properly restrict the amount of data read during regex searches.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
Author: kikadf
Vulnerable: 1.7-1
Unaffected: 1.7-2arcturus1
It was discovered that MiniUPnPc incorrectly handled certain buffer lengths.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3985
Author: kikadf
Vulnerable: 5.5.37-1arcturus1
Unaffected: 5.5.38-1arcturus1
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Author: kikadf
Vulnerable: 2.81-1
Unaffected: 2.81-2arcturus1
Ben Hawkes discovered that Transmission incorrectly handled certain peer messages.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4909