Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
Author: James Buren Vulnerable: 1.0.1-5arcturus1 Unaffected: 1.0.1-5arcturus2 A vulnerability has been discovered in OpenSSL’s support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Author: kikadf Vulnerable: 1.4.32-2 Unaffected: 1.4.35-1arcturus1 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module (mod_mysql_vhost). Jann Horn discovered that specially crafted host names can be used to traverse outside of the document root under certain situations in lighttpd servers using either the mod_mysql_vhost, mod_evhost, or mod_simple_vhost virtual hosting modules.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324 http://cve.
Author: kikadf Vulnerable: 1.5.21-3 Unaffected: 1.5.21-4arcturus1 Beatrice Torracca and Evgeni Golov discovered a buffer overflow in the mutt mailreader. Malformed RFC2047 header lines could result in denial of service or potentially the execution of arbitrary code.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467
Author: kikadf Vulnerable: 1.0.24-1 Unaffected: 1.0.24-2arcturus1 Florian Weimer of the Red Hat Product Security Team discovered multiple vulnerabilities in the pdftoopvp CUPS filter, which could result in the execution of aribitrary code if a malformed PDF file is processed.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
Author: kikadf Vulnerable: 5.14-2arcturus1 Unaffected: 5.14-2arcturus2 Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information, the file_strncmp routine will access memory that is out of bounds, causing file to crash.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270
Author: kikadf Vulnerable: 1.3.1-1 Unaffected: 1.3.1-2arcturus1 Michael Scherer discovered that IcedTea Web created temporary directories in an unsafe fashion.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6493
Author: kikadf Vulnerable: 0.5.3-1 Unaffected: 0.5.3-2arcturus1 Aris Adamantiadis discovered that libssh allowed the OpenSSL PRNG state to be reused when implementing forking servers.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0017
Author: kikadf Vulnerable: 5.3.26-1 Unaffected: 5.3.26-2arcturus1 It was discovered that file, a file type classification tool, contains a flaw in the handling of indirect magic rules in the libmagic library, which leads to an infinite recursion when trying to determine the file type of certain files.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4413 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943
Author: kikadf Vulnerable: 9.1.9-1 Unaffected: 9.1.12-1arcturus1 Shore up GRANT … WITH ADMIN OPTION restrictions (Noah Misch). Prevent privilege escalation via manual calls to PL validator functions (Andres Freund). Avoid multiple name lookups during table and index DDL (Robert Haas, Andres Freund). Prevent buffer overrun with long datetime strings (Noah Misch). Prevent buffer overrun due to integer overflow in size calculations (Noah Misch, Heikki Linnakangas). Prevent overruns of fixed-size buffers (Peter Eisentraut, Jozef Mlich).
Author: kikadf Vulnerable: 1.0.4-7 Unaffected: 1.0.4-8arcturus1 Florian Weimer discovered a buffer overflow in udisks’s mount path parsing code which may result in privilege escalation.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0004
