sox
- Author: kikadf
- Vulnerable: 14.3.2-1
- Unaffected: 14.3.2-2arcturus1
Michele Spagnuolo of the Google Security Team dicovered two heap-based buffer overflows in SoX, the Swiss Army knife of sound processing programs.
Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
unzip
- Author: kikadf
- Vulnerable: 6.0-2
- Unaffected: 6.0-3arcturus1
Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
CVEs:
jasper
- Author: kikadf
- Vulnerable: 1.900.1-6arcturus1
- Unaffected: 1.900.1-6arcturus2
Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files.
CVEs:
mailx
- Author: kikadf
- Vulnerable: 12.4-4
- Unaffected: 12.4-5arcturus1
Mailx interprets shell meta-characters in certain email addresses. An unexpected feature of mailx treats syntactically valid email addresses as shell commands to execute.
CVEs:
ntp
- Author: kikadf
- Vulnerable: 4.2.6p5-3arcturus1
- Unaffected: 4.2.6p5-3arcturus2
ntpd generated a weak key for its internal use, with full administrative privileges. The ntp-keygen utility generated weak MD5 keys with insufficient entropy. ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. The general packet processing function in ntpd did not handle an error case correctly.
CVEs:
denyhosts
- Author: kikadf
- Vulnerable: 2.6-5
- Unaffected: 2.6-6arcturus1
Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon.
CVEs:
libyaml
- Author: kikadf
- Vulnerable: 0.1.4-3arcturus2
- Unaffected: 0.1.4-3arcturus3
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library.
CVEs:
mediawiki
- Author: kikadf
- Vulnerable: 1.19.20-1arcturus1
- Unaffected: 1.19.22-1arcturus1
A flaw was discovered in mediawiki, a wiki engine: cross-domain-policy mangling allows an article editor to inject code into API consumers that deserialize PHP representations of the page from the API.
CVEs:
bind
- Author: kikadf
- Vulnerable: 9.9.4-1arcturus1
- Unaffected: 9.9.6-1arcturus1
Florian Maury discovered that Bind incorrectly handled delegation.
CVEs:
graphviz
- Author: kikadf
- Vulnerable: 2.28.0-2arcturus2
- Unaffected: 2.28.0-2arcturus3
It was discovered that graphviz incorrectly handled parsing errors.