cups
- Author: kikadf
- Vulnerable: 1.6.1-3arcturus2
- Unaffected: 1.6.1-3arcturus3
Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files.
Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
drupal6
- Author: kikadf
- Vulnerable: 6.31-1arcturus1
- Unaffected: 6.32-1arcturus1
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
CVEs:
drupal7
- Author: kikadf
- Vulnerable: 7.22-2arcturus2
- Unaffected: 7.22-2arcturus3
Multiple security issues have been discovered in the Drupal content management system, ranging from denial of service to cross-site scripting.
CVEs:
libtasn1
- Author: kikadf
- Vulnerable: 2.11-1
- Unaffected: 2.11-2arcturus1
It was discovered that Libtasn1 incorrectly handled certain ASN.1 data structures. It was discovered that Libtasn1 incorrectly handled negative bit lengths.
CVEs:
activerecord
- Author: kikadf
- Vulnerable: 3.2.13-1
- Unaffected: 3.2.13-2arcturus1
Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
CVEs:
fail2ban
- Author: kikadf
- Vulnerable: 0.8.4-3
- Unaffected: 0.8.13-1arcturus1
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
CVEs:
file
- Author: kikadf
- Vulnerable: 5.14-2arcturus2
- Unaffected: 5.14-2arcturus3
Mike Frysinger discovered that the file awk script detector used multiple wildcard with unlimited repetitions. Francisco Alonso discovered that file incorrectly handled certain CDF documents. Jan Kaluža discovered that file did not properly restrict the amount of data read during regex searches.
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7345
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
miniupnpc
- Author: kikadf
- Vulnerable: 1.7-1
- Unaffected: 1.7-2arcturus1
It was discovered that MiniUPnPc incorrectly handled certain buffer lengths.
CVEs:
mysql
- Author: kikadf
- Vulnerable: 5.5.37-1arcturus1
- Unaffected: 5.5.38-1arcturus1
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC. Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
transmission-cli
- Author: kikadf
- Vulnerable: 2.81-1
- Unaffected: 2.81-2arcturus1
Ben Hawkes discovered that Transmission incorrectly handled certain peer messages.