Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
Author: Miklos Vajna
Vulnerable: 3.1.3-1nexon1
Unaffected: 3.1.4-1nexon1
Multiple vulnerabilities have been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks.
An unspecified error can be exploited to gain further access to the site. Input passed via the “order” and “orderby” parameters to wp-admin/link-manager.php and wp-admin/edit-tags.php is not properly sanitised in wp-includes/taxonomy.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Author: Miklos Vajna
Vulnerable: 3.3.0.4-3
Unaffected: 3.3.3.1-1nexon1
Multiple vulnerabilities have been reported in LibreOffice, which can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused by errors in the import filter when processing Lotus Word Pro (LWP) files and can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious LWP file.
Author: Miklos Vajna
Vulnerable: 1.4.6-1nexon1
Unaffected: 1.4.7-1nexon1
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).
An error in the DICOM dissector can be exploited to cause an infinite loop when processing certain malformed packets. An error when processing a Diameter dictionary file can be exploited to cause the process to crash. An error when processing a snoop file can be exploited to cause the process to crash.
Author: Miklos Vajna
Vulnerable: 2.4.2-1
Unaffected: 2.4.2-2nexon1
Some vulnerabilities have been reported in FreeType, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library.
An error exists in the “ft_var_readpackedpoints()” function in src/truetype/ttgxvar.c when processing TrueType GX fonts and can be exploited to cause a heap-based buffer overflow via a specially crafted font. An error within the “Ins_SHZ()” function in src/truetype/ttinterp.
Author: Miklos Vajna
Vulnerable: 6.20-3
Unaffected: 6.22-1nexon1
Two vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
Certain input passed via the URL is not properly sanitised in the Drupal error handler before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Author: Miklos Vajna
Vulnerable: 6.x_3.6-2
Unaffected: 6.x_3.11-1nexon1
Justin Klein Keane has discovered multiple vulnerabilities in the Webform module for Drupal, which can be exploited by malicious users and malicious people to conduct script insertion attacks.
Input passed via the “name” parameter when submitting a new webform field is not properly sanitised in sites/all/modules/webform/includes/webform.report.inc before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in context of an affected site when the malicious data is being viewed.
Author: Miklos Vajna
Vulnerable: 7.0-1
Unaffected: 7.2-1nexon1
A vulnerability and a security issue have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions.
An error in the Color module can be exploited to conduct script insertion attacks. For more information see vulnerability #2 in: FSA721. A security issue in the File module (modules/file/file.module) in combination with restrictions via a node access module can be exploited to disclose private files.
Author: Miklos Vajna
Vulnerable: 3.1.2-1nexon1
Unaffected: 3.1.3-1nexon1
neworder has discovered a vulnerability in the is_human() plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “type” parameter in engine.php (when e.g. “action” is set to “log-reset”) is not properly verified before being used in an “eval()” function and can be exploited to inject and execute arbitrary PHP code.
Bug Tracker URL: http://bugs.
Author: Miklos Vajna
Vulnerable: 2.6.37-2
Unaffected: 2.6.37-3nexon1
Security issues have been reported in the Linux kernel:
The start_code and end_code values in “/proc/[pid]/stat” were not protected. In certain scenarios, this flaw could be used to defeat Address Space Layout Randomization (ASLR). An integer signedness flaw in drm_modeset_ctl() could allow a local, unprivileged user to cause a denial of service or escalate their privileges. A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN capability to load arbitrary modules from “/lib/modules/”, instead of only netdev modules.
Author: Miklos Vajna
Vulnerable: 3.1.1-1nexon1
Unaffected: 3.1.2-1nexon1
A security issue has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused by the wp-admin/press-this.php script not properly checking a user’s permissions before publishing posts and can be exploited by users without the “publish_posts” permission. Successful exploitation requires “Contributor-level” privileges.
Bug Tracker URL: http://bugs.frugalware.org/task/4478
CVEs: No CVE references, see http://codex.