Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
Author: Miklos Vajna
Vulnerable: 1.2.4-1
Unaffected: 1.2.9-1haven1
A vulnerability has been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user while viewing a vCard. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site when the malicious vCard is being viewed.
Author: Miklos Vajna
Vulnerable: 1.2.3-1haven1
Unaffected: 1.2.4-1haven1
Gjoko Krstic has reported some vulnerabilities in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Input passed via the “db_type” parameter to admin/upgrade_unattended.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Author: Miklos Vajna
Vulnerable: 1.4.2-1haven1
Unaffected: 1.4.3-1haven1
Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
A boundary error in the “dissect_enttec_dmx_data()” function (epan/dissectors/packet-enttec.c) when processing RLE Compressed DMX data of the ENTTEC protocol can be exploited to cause a buffer overflow via a specially crafted packet sent to UDP port 3333.
Author: Miklos Vajna
Vulnerable: 3.0.2-1haven1
Unaffected: 3.0.3-1haven1
A security issue has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused by the XML-RPC remote publishing interface not properly enforcing access control restrictions for editing, publishing, or deleting posts. Successful exploitation of this security issue requires “Author level” or “Contributor level” permissions and that remote publishing is enabled.
Author: Miklos Vajna
Vulnerable: 3.0.3-1haven1
Unaffected: 3.0.4-1haven1
A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks. Certain input containing protocol strings (e.g. the HREF attribute of the “A” HTML tag) is not properly sanitised in the KSES library before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site when the malicious data is being viewed.
Author: Miklos Vajna
Vulnerable: 2.6.35-1
Unaffected: 2.6.35-2haven1
Multiple vulnerabilities have been reported in the Linux kernel:
The do_anonymous_page function in mm/memory.c does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
Author: Miklos Vajna
Vulnerable: 2.6.35-1
Unaffected: 2.6.35-2haven1
This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Bug Tracker URL: http://bugs.frugalware.org/task/4384
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
Author: Miklos Vajna
Vulnerable: 3.0.1-1
Unaffected: 3.0.2-1haven1
A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the “Send Trackbacks” field when creating a new post is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires “Author-level” permissions.
Author: Miklos Vajna
Vulnerable: 6.x_1.9-1
Unaffected: 6.x_1.10-1haven1
Two vulnerabilities have been reported in the Lightbox2 module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.
A vulnerability exists in the access control mechanism for video content and can be exploited to get access to restricted video content. Input passed via unspecified parameters is not properly sanitised before being returned to the user.
Author: Miklos Vajna
Vulnerable: 1.2.2-1
Unaffected: 1.2.3-1haven1
Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.
The application bundles a vulnerable version of NuSOAP. Certain input passed via custom field types is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site when the malicious data is being viewed.