Frugalware Security Announcements (FSAs)

This is a list of security announcments that have been released for the current stable version of Frugalware

curl

  • Author: kikadf
  • Vulnerable: 7.26.0-2arcturus1
  • Unaffected: 7.26.0-2arcturus2

Paras Sethia and Yehezkel Horowitz discovered that libcurl incorrectly reused connections when NTLM authentication was being used. This could lead to the use of unintended credentials, possibly exposing sensitive information.

CVEs:

libotr

  • Author: kikadf
  • Vulnerable: 3.2.0-3
  • Unaffected: 3.2.0-4arcturus1

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.

CVEs:

libyaml

  • Author: kikadf
  • Vulnerable: 0.1.4-2
  • Unaffected: 0.1.4-3arcturus1

Florian Weimer discovered that LibYAML incorrectly handled certain large yaml documents. An attacker could use this issue to cause LibYAML to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVEs:

qemu

  • Author: kikadf
  • Vulnerable: 1.5.2-2
  • Unaffected: 1.5.2-3arcturus2

Asias He discovered that QEMU incorrectly handled SCSI controllers with more than 256 attached devices. A local user could possibly use this flaw to elevate privileges. (CVE-2013-4344) It was discovered that QEMU incorrectly handled Xen disks. A local guest could possibly use this flaw to consume resources, resulting in a denial of service. (CVE-2013-4375) Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. (CVE-2013-4377)

curl

  • Author: kikadf
  • Vulnerable: 7.26.0-1
  • Unaffected: 7.26.0-2arcturus1

CVE-2013-0249: It was discovered that curl incorrectly handled SASL authentication when communicating over POP3, SMTP or IMAP. CVE-2013-1944: Yamada Yasuharu discovered that cURL, an URL transfer library, is vulnerable to expose potentially sensitive information when doing requests across domains with matching tails. CVE-2013-2174: Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. CVE-2013-4545: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. CVE-2013-6422: Marc Deslauriers discovered that curl, a file retrieval tool, would mistakenly skip verifying the CN and SAN name fields when digital signature verification was disabled in the libcurl GnuTLS backend.

gnupg

  • Author: kikadf
  • Vulnerable: 1.4.14-1
  • Unaffected: 1.4.14-2arcturus1

Daniel Kahn Gillmor discovered that GnuPG treated keys with empty usage flags as being valid for all usages. (CVE-2013-4351) Taylor R Campbell discovered that GnuPG incorrectly handled certain OpenPGP messages. (CVE-2013-4402) Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via acoustic emanations. (CVE-2013-4576)

CVEs:

cups

  • Author: kikadf
  • Vulnerable: 1.6.1-2
  • Unaffected: 1.6.1-3arcturus1

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions.

CVEs:

graphviz

  • Author: kikadf
  • Vulnerable: 2.28.0-1
  • Unaffected: 2.28.0-2arcturus2

CVE-2014-0978: It was discovered that user-supplied input used in the yyerror() function in lib/cgraph/scan.l is not bound-checked before beeing copied into an insufficiently sized memory buffer. A context-dependent attacker could supply a specially crafted input file containing a long line to cause a stack-based buffer overlow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code. CVE-2014-1236: Sebastian Krahmer reported an overflow condition in the chkNum() function in lib/cgraph/scan.l that is triggered as the used regular expression accepts an arbitrary long digit list. With a specially crafted input file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service (application crash) or potentially allowing the execution of arbitrary code.

nspr

  • Author: kikadf
  • Vulnerable: 4.9.2-3
  • Unaffected: 4.9.2-4arcturus1

It was discovered that NSPR, Netscape Portable Runtime library, could crash an application using the library when parsing a certificate that causes an integer overflow. This flaw only affects 64-bit systems.

CVEs: