Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

links

Author: kikadf
Vulnerable: 2.7-1
Unaffected: 2.7-2arcturus1
Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6050

pdns-recursor

Author: kikadf
Vulnerable: 3.3-8
Unaffected: 3.3-9arcturus1
Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server: a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601

xorg-server

Author: kikadf
Vulnerable: 1.14.2-2
Unaffected: 1.14.2-3arcturus1
Ilja van Sprundel discovered a multitude of security issues in the X.Org X server.
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102

dbus

Author: kikadf
Vulnerable: 1.6.8-10arcturus2
Unaffected: 1.6.8-10arcturus3
It was discovered that DBus incorrectly handled a large number of file descriptor messages.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7824

glibc

Author: kikadf
Vulnerable: 2.16.0-4arcturus1
Unaffected: 2.16.0-4arcturus2
Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. Tim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function.
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7817

jasper

Author: kikadf
Vulnerable: 1.900.1-5
Unaffected: 1.900.1-6arcturus1
Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code. Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4516
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029

libksba

Author: kikadf
Vulnerable: 1.2.0-1
Unaffected: 1.2.0-2arcturus1
Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9087

mod_wsgi

Author: kikadf
Vulnerable: 3.4-2arcturus1
Unaffected: 3.4-2arcturus2
It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583

pcre

Author: kikadf
Vulnerable: 8.32-1
Unaffected: 8.32-2arcturus1
Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964

qemu

Author: kikadf
Vulnerable: 1.5.2-3arcturus7
Unaffected: 1.5.2-3arcturus8
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. An invalid migration stream can cause an arbitrary qemu memory overwrite.
CVEs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8106
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840