Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
Author: kikadf
Vulnerable: 1.4.5-2arcturus2
Unaffected: 1.4.5-2arcturus3
An integer overflow of allocations in font metadata file parsing could allow a local user who is already authenticated to the X server to overwrite other memory in the heap. Libxfont does not validate length fields when parsing xfs protocol replies, which allows writes past the bounds of allocated memory when storing the data returned from the font server. Integer overflows when calculating memory needs for xfs replies could result in allocating too little memory and then writing the data returned from the font server past the end of the allocated buffer.
Author: kikadf
Vulnerable: 9.18-1
Unaffected: 9.18-2arcturus1
Phillip Hallam-Baker discovered that window property values could be queried in rxvt-unicode, resulting in the potential execution of arbitrary commands.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3121
Author: kikadf
Vulnerable: 3.9.5-1
Unaffected: 3.9.5-2arcturus1
It was discovered that LibTIFF incorrectly handled certain malformed images when using the gif2tiff tool. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1173
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2113
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4232
http://cve.
Author: kikadf
Vulnerable: 1.0.1-5arcturus3
Unaffected: 1.0.1-5arcturus4
It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. A remote attacker could use this issue to possibly cause OpenSSL to crash, resulting in a denial of service.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198
Author: kikadf
Vulnerable: 5.0.1-2arcturus1
Unaffected: 5.0.1-2arcturus2
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2891
Author: kikadf
Vulnerable: 0.6.2-1
Unaffected: 0.6.2-2arcturus1
Alex Chapman discovered that a buffer overflow in processing “MMS over HTTP” messages could result in the execution of arbitrary code.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2892
Author: kikadf
Vulnerable: 1.5.2-3arcturus3
Unaffected: 1.5.2-3arcturus4
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4544 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
Author: kikadf
Vulnerable: 6.30-1arcturus1
Unaffected: 6.31-1arcturus1
An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2983
Author: kikadf
Vulnerable: 7.22-2arcturus1
Unaffected: 7.22-2arcturus2
An information disclosure vulnerability was discovered in Drupal, a fully-featured content management framework. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2983
Author: kikadf
Vulnerable: 1.6.1-3arcturus1
Unaffected: 1.6.1-3arcturus2
Alex Korobkin discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) attacks.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856