Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

firefox

  • Author: Miklos Vajna
  • Vulnerable: 3.0.8-1anacreon1
  • Unaffected: 3.0.10-1anacreon1

Some vulnerabilities, security issues, and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct cross-site scripting and cross-site request forgery attacks, and potentially compromise a user’s system.

  1. Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code.
  2. Multiple errors in the JavaScript engine can be exploited to corrupt memory and potentially execute arbitrary code.
  3. An error exists when the “jar:” scheme is used to wrap a URI, which serves content with “Content-Disposition: attachment”. This can be exploited to e.g. conduct cross-site scripting attacks on sites that allow users to upload arbitrary content, which is served as “application/java-archive” or “application/x-jar”, and that rely on the HTTP header “Content-Disposition: attachment” to prevent potentially untrusted content.
  4. An error when loading an Adobe Flash file via the “view-source:” scheme can be exploited to conduct cross-site request forgery attacks or read and write Local Shared Objects on a user’s system, e.g. for tracking purposes.
  5. An error in the processing of XBL bindings can be exploited to conduct script insertion attacks on sites that allow users to embed third-party stylesheets.
  6. Errors in “XMLHttpRequest” and “XPCNativeWrapper.toString” can be exploited to bypass the same-origin policy and potentially execute code with chrome privileges.
  7. A weakness in the handling of “SearchForm” URIs can be exploited to execute arbitrary script code in the context of an arbitrary site when a user performs an empty search in a specially crafted plugin.
  8. An error in the handling of POST data may result in unintended information disclosure. When an inner frame of a web page is saved as a file, the POST data of the outer page is sent to the URL of the inner frame.
  9. An error in the processing of the “Refresh” header can potentially be exploited to conduct cross-site scripting attacks.
  10. A vulnerability is caused due to an error when calling the “nsTextFrame::ClearTextRun()” function and can be exploited to corrupt memory.

CVEs:

j2sdk

  • Author: Miklos Vajna
  • Vulnerable: 6-13
  • Unaffected: 6-14anacreon1

Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user’s system.

  1. An error while initialising LDAP connections can be exploited to render the LDAP service unresponsive.
  2. An error in the JRE LDAP client implementation can be exploited to load and execute arbitrary code via specially crafted data received from a malicious LDAP server.
  3. An integer overflow error in JRE when unpacking applets and in Java Web Start applications using the “unpack200” JAR unpacking utility can be exploited to potentially execute arbitrary code.
  4. An error in JRE when unpacking applets and in Java Web Start applications using the “unpack200” JAR unpacking utility can be exploited to cause a buffer overflow and potentially execute arbitrary code.
  5. Two errors when storing and processing temporary font files can be exploited by an untrusted applet or a Java Web Start application to consume an overly large amount of disk space.
  6. An error in the Java Plug-in when deserializing applets can be exploited to e.g. read, write, or execute local files.
  7. The Java Plug-in allows JavaScript code loaded from the local system to connect to arbitrary local ports. This can be exploited in combination with cross-site scripting attacks to access normally restricted local ports.
  8. The Java Plug-in allows applets to run in earlier versions of JRE if approved by the user. This can be exploited to trick a user into loading a malicious applet into an old and potentially vulnerable JRE version.
  9. An error in the Java Plug-in when processing crossdomain.xml files can be exploited by an untrusted applet to connect to arbitrary domains providing a crossdomain.xml file.
  10. An error in the Java Plug-in can be exploited by a signed applet to alter the contents of the security dialog and trick a user into trusting the applet.
  11. An error in the JRE virtual machine when generating code can be exploited to e.g. read, write, or execute local files.
  12. An integer overflow error in JRE when processing PNG splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.
  13. An error in JRE when processing GIF splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.
  14. An error in JRE when processing GIF images can be exploited by an untrusted applet or an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.
  15. A signedness error in JRE when processing Type1 fonts can be exploited to corrupt heap memory and potentially execute arbitrary code.
  16. An unspecified error in the JRE HTTP server implementation can be exploited to render a JAX-WS service endpoint unresponsive.

CVEs:

openssl

  • Author: Miklos Vajna
  • Vulnerable: 0.9.8-16
  • Unaffected: 0.9.8-17anacreon1

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

  1. An error exists in the “ASN1_STRING_print_ex()” function when printing “BMPString” or “UniversalString” strings. This can be exploited to trigger an access to invalid memory and cause a crash via an illegally encoded string length when e.g. printing the contents of a certificate.
  2. The “CMS_verify()” function incorrectly handles an error condition when processing malformed signed attributes. This can be exploited to trick an application into considering a malformed set of signed attributes valid and skip further checks. Successful exploitation requires access to a previously generated invalid signature.
  3. An error when processing malformed ASN1 structures can be exploited to trigger an access to invalid memory and cause a crash via a specially crafted certificate.

CVEs:

phpmyadmin

  • Author: Miklos Vajna
  • Vulnerable: 3.1.3-1
  • Unaffected: 3.1.3.1-1anacreon1

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a vulnerable system.

  1. Input passed via export page cookies is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
  2. The vulnerability is caused due to the application not properly sanitising configuration parameters during the setup procedure. This can be exploited to inject arbitrary PHP code into the phpMyAdmin configuration file. NOTE: Successful exploitation of this vulnerability requires that installation best-practices have not been followed and the setup scripts have not been deleted after a successful installation.

CVEs:

phpmyadmin

  • Author: Miklos Vajna
  • Vulnerable: 3.1.3.1-1anacreon1
  • Unaffected: 3.1.3.2-1anacreon1

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the setup script not properly sanitising configuration parameters. This can be exploited to inject arbitrary PHP code into the phpMyAdmin configuration file. This is related to vulnerability #2 in FSA591. NOTE: Successful exploitation requires that installation best-practices have not been followed and the setup scripts have not been deleted after a successful installation.

udev

  • Author: Miklos Vajna
  • Vulnerable: 139-1
  • Unaffected: 141-1anacreon1

Some vulnerabilities have been reported in udev, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

  1. A vulnerability is caused due to udev not properly verifying the credentials of received NETLINK messages. This can be exploited to gain escalated privileges by sending multicast NETLINK messages.
  2. A vulnerability is caused due to a boundary error within the “util_path_encode()” function in udev/lib/libudev-util.c. This can be exploited to cause a crash by providing specially crafted input.

CVEs:

wireshark

  • Author: Miklos Vajna
  • Vulnerable: 1.0.6-1
  • Unaffected: 1.0.7-1anacreon1

Some vulnerabilities have been reported in Wireshark, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user’s system.

  1. A vulnerability is caused due to a format string error within the PN-DCP dissector when processing station names containing format string specifiers. This can be exploited to cause a crash and potentially execute arbitrary code via specially crafted packets captured off the wire or loaded via a capture file.
  2. An error within the Check Point High-Availability Protocol (CPHAP) dissector can be exploited to cause a crash.

CVEs:

drupal6-cck

  • Author: Miklos Vajna
  • Vulnerable: 6.x_2.1-1
  • Unaffected: 6.x_2.2-1anacreon1

A security issue has been reported in the CCK Field Privacy module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the application not properly restricting access to certain administrative pages and can be exploited to e.g. change permissions on fields.

CVEs:

enscript

  • Author: Miklos Vajna
  • Vulnerable: 1.6.4-4
  • Unaffected: 1.6.4-5solaria1

Some vulnerabilities have been discovered in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system.

  1. A vulnerability is caused due to a boundary error within the “read_special_escape()” function in src/psgen.c when processing the “setfilename” escape sequence. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file.
  2. A vulnerability is caused due to a boundary error within the “read_special_escape()” function in src/psgen.c when processing the “font” escape sequence. This can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file. Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the “-e” option.

CVEs: