Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

django

Author: kikadf
Vulnerable: 1.5.2-1
Unaffected: 1.5.2-2arcturus1

Benjamin Bach discovered that Django incorrectly handled dotted Python paths when using the reverse() function. Paul McMillan discovered that Django incorrectly cached certain pages that contained CSRF cookies. Michael Koziarski discovered that Django did not always perform explicit conversion of certain fields when using a MySQL database.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0472
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0474

qemu

Author: kikadf
Vulnerable: 1.5.2-3arcturus2
Unaffected: 1.5.2-3arcturus3

Michael S. Tsirkin of Red Hat discovered a buffer overflow flaw in the way qemu processed MAC addresses table update requests from the guest. A privileged guest user could use this flaw to corrupt qemu process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the qemu process.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0150

ntp

Author: kikadf
Vulnerable: 4.2.6p5-2
Unaffected: 4.2.6p5-3arcturus1

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211

openssh

Author: kikadf
Vulnerable: 6.1p1-1
Unaffected: 6.1p1-2arcturus1

Jann Horn discovered that OpenSSH incorrectly handled wildcards in AcceptEnv lines. A remote attacker could use this issue to trick OpenSSH into accepting any environment variable that contains the characters before the wildcard character. Matthew Vernon reported that if an SSH server offers a HostCertificate that the ssh client doesn’t accept, then the client doesn’t check the DNS for SSHFP records. As a consequence, a malicious server can disable SSHFP checking by presenting a certificate.

openssl

Author: kikadf
Vulnerable: 1.0.1-5arcturus2
Unaffected: 1.0.1-5arcturus3

A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application, it may permit an attacker to inject data from one connection into another or cause denial of service.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298

python

Author: kikadf
Vulnerable: 2.7.5-1
Unaffected: 2.7.5-2arcturus1

Ryan Sleevi discovered that NULL characters in the subject alternate names of SSL certificates were parsed incorrectly. Ryan Smith-Roberts discovered a buffer overflow in the socket.recvfrom_into() function.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1912

imaging

Author: kikadf
Vulnerable: 1.1.7-4
Unaffected: 1.1.7-5arcturus1

Jakub Wilk discovered that the Python Imaging Library incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files, or gain access to temporary file contents.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1933

postfixadmin

Author: kikadf
Vulnerable: 2.3.6-1
Unaffected: 2.3.6-2arcturus1

An SQL injection vulnerability was discovered in postfixadmin, a web administration interface for the Postfix Mail Transport Agent, which allowed authenticated users to make arbitrary manipulations to the database.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2655

samba

Author: kikadf
Vulnerable: 3.6.9-4arcturus1
Unaffected: 3.6.23-1arcturus1

Andrew Bartlett discovered that Samba did not properly enforce the password guessing protection mechanism for all interfaces. Samba has a flaw in the smbcacls command. If smbcacls is used with the “-C|--chown name” or “-G|--chgrp name” command options, it will remove the existing ACL on the object being modified, leaving the file or directory unprotected.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4496
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6442

strongswan

Author: kikadf
Vulnerable: 5.0.1-1
Unaffected: 5.0.1-2arcturus1

A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links. An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.

CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2338