mod_wsgi
- Author: kikadf
- Vulnerable: 3.4-1
- Unaffected: 3.4-2arcturus1
Robert Kisteleki discovered a potential privilege escalation in daemon mode.
Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
php
- Author: kikadf
- Vulnerable: 5.3.26-2arcturus1
- Unaffected: 5.3.26-2arcturus2
The default PHP FPM socket permission has been changed from 0666 to 0660 to mitigate a security vulnerability (CVE-2014-0185) in PHP FPM that allowed any local user to run a PHP code under the active user of FPM process via crafted FastCGI client. Denial of service in the CDF parser of the fileinfo module. (CVE-2014-0237,0238) Denial of service in the fileinfo module. (CVE-2014-2270)
CVEs:
lxml
- Author: kikadf
- Vulnerable: 2.3-1
- Unaffected: 2.3.5-1arcturus1
It was discovered that the lxml.html.clean module incorrectly stripped control characters. An attacked could potentially exploit this to conduct cross-site scripting (XSS) attacks.
CVEs:
libgadu
- Author: kikadf
- Vulnerable: 1.11.2-2arcturus1
- Unaffected: 1.11.2-2arcturus2
It was discovered that libgadu incorrectly handled certain messages from file relay servers.
CVEs:
pidgin
- Author: kikadf
- Vulnerable: 2.10.7-2arcturus2
- Unaffected: 2.10.7-2arcturus3
It was discovered that Pidgin incorrectly handled certain messages from Gadu-Gadu file relay servers.
CVEs:
actionpack
- Author: kikadf
- Vulnerable: 3.2.6-2arcturus1
- Unaffected: 3.2.6-2arcturus2
The actionview/lib/action_view/helpers/number_helper.rb contains multiple cross-site scripting vulnerabilities. The actionpack/lib/action_view/template/text.rb performs symbol interning on MIME type strings, allowing remote denial-of-service attacks via increased memory consumption. A directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb allows remote attackers to read arbitrary files.
CVEs:
dovecot
- Author: kikadf
- Vulnerable: 2.1.8-2
- Unaffected: 2.1.8-3arcturus1
It was discovered that Dovecot incorrectly handled closing inactive SSL/TLS connections.
CVEs:
libxml2
- Author: kikadf
- Vulnerable: 2.8.0-1
- Unaffected: 2.8.0-2arcturus1
It was discovered that libxml2 had a heap-based buffer underflow when parsing entities. It was discovered that libxml2 would load XML external entities by default. It was discovered that libxml2 incorrectly handled documents that end abruptly. Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to.
CVEs:
django
- Author: kikadf
- Vulnerable: 1.5.2-2arcturus1
- Unaffected: 1.5.2-2arcturus2
Stephen Stewart, Michael Nelson, Natalia Bidart and James Westby discovered that Django improperly removed Vary and Cache-Control headers from HTTP responses when replying to a request from an Internet Explorer or Chrome Frame client. Peter Kuma and Gavin Wahl discovered that Django did not correctly validate some malformed URLs, which are accepted by some browsers.
CVEs:
kernel
- Author: James Buren
- Vulnerable: 3.10-6
- Unaffected: 3.10-7
Jiri Slaby discovered a race condition in the pty layer, which could lead to denial of service or privilege escalation. Matthew Daley discovered that missing input sanitising in the FDRAWCMD ioctl and an information leak could result in privilege escalation. Incorrect reference counting in the ping_init_sock() function allows denial of service or privilege escalation. Incorrect locking of memory can result in local denial of service.