Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

mantis

Author: Miklos Vajna
Vulnerable: 1.2.5-1
Unaffected: 1.2.7-1mores1

A vulnerability has been discovered in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the “project_id” parameter to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Bug Tracker URL: http://bugs.

roundcube

Author: Miklos Vajna
Vulnerable: 0.3-2
Unaffected: 0.5.4-1mores1

A vulnerability has been reported in RoundCube Webmail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the “_mbox” parameter to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Bug Tracker URL: http://bugs.

xpdf

Author: Miklos Vajna
Vulnerable: 3.02-6
Unaffected: 3.02-7mores1

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user’s system. Multiple integer overflows in “SplashBitmap::SplashBitmap()” can be exploited to cause heap-based buffer overflows. An integer overflow error in “ObjectStream::ObjectStream()” can be exploited to cause a heap-based buffer overflow. Multiple integer overflows in “Splash::drawImage()” can be exploited to cause heap-based buffer overflows. An integer overflow error in “PSOutputDev::doImageL1Sep()” can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

flashplugin

Author: Miklos Vajna
Vulnerable: 10.3.181.34-1
Unaffected: 10.3.183.5-1mores1

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose sensitive information and compromise a user’s system. An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. An unspecified error can be exploited to cause a buffer overflow and potentially execute arbitrary code. An error exists within a certain ActionScript function in the “flash.

drupal7

Author: Miklos Vajna
Vulnerable: 7.4-1nexon1
Unaffected: 7.7-1nexon1

A vulnerability has been reported in Drupal, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused by the application not properly restricting access to files attached to a comment when access to the comment is restricted, which can be exploited to e.g. download the files.

Bug Tracker URL: http://bugs.frugalware.org/task/4538
CVEs: No CVE references, see http://drupal.

drupal6-devel

Author: Miklos Vajna
Vulnerable: 6.x_1.23-1
Unaffected: 6.x_1.25-1nexon1

A vulnerability has been reported in the Devel module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions in the Switch User block via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a logged in user into visiting a malicious web site.

phpmyadmin

Author: Miklos Vajna
Vulnerable: 3.4.3.1-1nexon1
Unaffected: 3.4.3.2-1nexon1

Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct cross-site scripting attacks and potentially compromise a vulnerable system and by malicious people to disclose potentially sensitive information and potentially compromise a vulnerable system. Certain input passed to the table name in the table print view script is not properly sanitised before being returned to the user.

wireshark

Author: Miklos Vajna
Vulnerable: 1.4.7-1nexon1
Unaffected: 1.6.1-1nexon1

Two vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). An error in the Lucent/Ascend file parser can be exploited to cause an infinite loop via specially crafted packets. An infinite recursion error in the “elem_cell_id_list()” function in epan/dissectors/packet-ansi_a.c can be exploited to cause a stack overflow e.g. via a specially crafted MAP packet.

phpmyadmin

Author: Miklos Vajna
Vulnerable: 3.3.9.2-1nexon1
Unaffected: 3.4.3.1-1nexon1

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to disclose sensitive information and by malicious users and malicious people to compromise a vulnerable system. An error within the “Swekey_login()” function in libraries/auth/swekey/swekey.auth.lib.php can be exploited to overwrite session variables and e.g. inject and execute arbitrary PHP code. Input passed to the “PMA_createTargetTables()” function in libraries/server_synchronize.lib.php is not properly sanitised before calling the “preg_replace()” function with the “e” modifier.

drupal7

Author: Miklos Vajna
Vulnerable: 7.2-1nexon1
Unaffected: 7.4-1nexon1

A vulnerability has been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused by the node_access system restrictions not being enforced and can be exploited to view otherwise restricted nodes. NOTE: This affects the taxonomy and forum subsystems.

Bug Tracker URL: http://bugs.frugalware.org/task/4521
CVEs: No CVE, see http://drupal.org/node/1204582