Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
Author: kikadf Vulnerable: 3.6.23-1arcturus1 Unaffected: 3.6.24-1arcturus1 Denial of service (infinite CPU loop) in the nmbd Netbios name service daemon. Denial of service (daemon crash) in the smbd file server daemon.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0244 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3493
Author: kikadf Vulnerable: 3.10-7 Unaffected: 3.10-8arcturus1 Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. Kernel Infoleak vulnerability in media_enum_entities(). Linux kernel user namespace bug.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
Author: kikadf Vulnerable: 29.0-1arcturus1 Unaffected: 30.0-1arcturus1 Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Firefox. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in the event listener manager. A use-after-free was discovered in the SMIL animation controller.
Author: kikadf Vulnerable: 35.0.1916.114-1arcturus1 Unaffected: 35.0.1916.153-1arcturus1 Use-after-free in filesystem api. Out-of-bounds read in SPDY. Buffer overflow in clipboard. Heap overflow in media.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3154 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3155 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3156 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3157
Author: kikadf Vulnerable: 1.1-1 Unaffected: 1.1-2arcturus1 It was discovered that a buffer overflow in the MuPDF viewer might lead to the execution of arbitrary code.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2013
Author: kikadf Vulnerable: 49-1 Unaffected: 50-1arcturus1 Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0476
Author: kikadf Vulnerable: 34.0.1847.118-1arcturus1 Unaffected: 35.0.1916.114-1arcturus1 Cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation. Aaron Staple discovered an integer overflow issue in audio input handling. Atte Kettunen discovered a use-after-free issue in the Blink/Webkit scalable vector graphics implementation. Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media. Packagesu discovered a cross-site scripting issue involving malformed MHTML files. Jordan Milne discovered a user interface spoofing issue.
Author: kikadf Vulnerable: 1.0.1-5arcturus4 Unaffected: 1.0.1-5arcturus5 Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. Kikuchi Masashi discovered that OpenSSL incorrectly handled certain handshakes. Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470
Author: kikadf Vulnerable: 0.3.4-1 Unaffected: 0.3.6-1arcturus1 Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7323 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1927 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1928 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1929
Author: kikadf Vulnerable: 2.12.17-2arcturus1 Unaffected: 2.12.17-2arcturus2 Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466
