links
- Author: kikadf
- Vulnerable: 2.7-1
- Unaffected: 2.7-2arcturus1
Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser.
Frugalware Security Announcements (FSAs)
This is a list of security announcments that have been released for the current stable version of Frugalware
pdns-recursor
- Author: kikadf
- Vulnerable: 3.3-8
- Unaffected: 3.3-9arcturus1
Florian Maury from ANSSI discovered a flaw in pdns-recursor, a recursive DNS server : a remote attacker controlling maliciously-constructed zones or a rogue server could affect the performance of pdns-recursor, thus leading to resource exhaustion and a potential denial-of-service.
CVEs:
xorg-server
- Author: kikadf
- Vulnerable: 1.14.2-2
- Unaffected: 1.14.2-3arcturus1
Ilja van Sprundel discovered a multitude of security issues in the X.Org X server.
CVEs:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8091
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8092
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8093
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8094
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8095
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8096
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8097
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8098
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8099
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8100
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8101
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8102
dbus
- Author: kikadf
- Vulnerable: 1.6.8-10arcturus2
- Unaffected: 1.6.8-10arcturus3
It was discovered that DBus incorrectly handled a large number of file descriptor messages.
CVEs:
glibc
- Author: kikadf
- Vulnerable: 2.16.0-4arcturus1
- Unaffected: 2.16.0-4arcturus2
Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. Tim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function.
CVEs:
jasper
- Author: kikadf
- Vulnerable: 1.900.1-5
- Unaffected: 1.900.1-6arcturus1
Two buffer overflows were discovered in JasPer, a library for handling JPEG-2000 images, which could lead to the execution of arbitrary code. Josh Duart of the Google Security Team discovered heap-based buffer overflow flaws in JasPer, a library for manipulating JPEG-2000 files, which could lead to denial of service (application crash) or the execution of arbitrary code.
CVEs:
libksba
- Author: kikadf
- Vulnerable: 1.2.0-1
- Unaffected: 1.2.0-2arcturus1
Hanno Böck discovered that Libksba incorrectly handled certain S/MIME messages or ECC based OpenPGP data.
CVEs:
mod_wsgi
- Author: kikadf
- Vulnerable: 3.4-2arcturus1
- Unaffected: 3.4-2arcturus2
It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights.
CVEs:
pcre
- Author: kikadf
- Vulnerable: 8.32-1
- Unaffected: 8.32-2arcturus1
Heap overflow while matching against an expression with an assertion with a zero minimum repeat as the condition in a conditional group.
CVEs:
qemu
- Author: kikadf
- Vulnerable: 1.5.2-3arcturus7
- Unaffected: 1.5.2-3arcturus8
Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu, a fast processor emulator. Invalid migration stream can cause arbitrary qemu memory overwrite.