Frugalware Security Announcements (FSAs)

• Author: Miklos Vajna
• Vulnerable: 2.2.5-2
• Unaffected: 2.2.5-3solaria1

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when validating the X.509 certificate chain and can be exploited to spoof arbitrary names e.g. during a Man-in-the-Middle (MitM) attack.

• Bug Tracker URL: http://bugs.frugalware.org/task/3449

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?nameCVE-2008-4989

• Author: Miklos Vajna
• Vulnerable: 0.9.1-4
• Unaffected: 0.9.1-5solaria1

The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC.

• Bug Tracker URL: http://bugs.frugalware.org/task/3414

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4539

• Author: Miklos Vajna
• Vulnerable: 0.10.5-1
• Unaffected: 0.11.2-1solaria1

Some vulnerabilities have been reported in Trac, which can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct phishing attacks.

1. An unspecified error in the HTML sanitiser filter can be exploited to conduct phishing attacks.
2. An unspecified error when processing wiki markup can be exploited to cause a DoS.

• Bug Tracker URL: http://bugs.frugalware.org/task/3448

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5646
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5647

• Author: Miklos Vajna
• Vulnerable: 20070427-1
• Unaffected: 20090217-1solaria1

A vulnerability has been reported in XEmacs, which can be exploited by malicious people to compromise a user’s system. For more information, see FSA472.

• Bug Tracker URL: http://bugs.frugalware.org/task/3087

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2142

• Author: Miklos Vajna
• Vulnerable: ffmpeg-20080427-7
• Unaffected: ffmpeg-20080427-8solaria1

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the “fourxm_read_header()” function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file. Successful exploitation may allow execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/3599

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385

• Author: Miklos Vajna
• Vulnerable: 3.0.6-1solaria1
• Unaffected: 3.0.7-1solaria1

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, disclose sensitive information, or compromise a user’s system.

1. Multiple errors in the layout and JavaScript engines can be exploited to corrupt memory and potentially execute arbitrary code.
2. An error in the garbage collection process when handling a set of cloned XUL DOM elements linked as a parent and child can be exploited to access freed memory and execute arbitrary code.
3. An error can be exploited via the “nsIRDFService” interface and a cross-domain redirect to bypass the same-origin policy and read XML data from another domain.
4. An error in libpng when handling out-of-memory conditions can be exploited to potentially execute arbitrary code.
5. An error when handling invisible control characters included in the location bar can be exploited to spoof a trusted URL.

• Bug Tracker URL: http://bugs.frugalware.org/task/3667

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0771
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0772
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0773
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0774
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0775
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0776
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0777

• Author: Miklos Vajna
• Vulnerable: 1.4.1-1
• Unaffected: 1.4.1-2solaria1

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a pointer arithmetic error within the “load()” function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file. Successful exploitation may allow execution of arbitrary code.

• Author: Miklos Vajna
• Vulnerable: 1.0rc2-7solaria2
• Unaffected: 1.0rc2-7solaria3

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. For more info, see FSA578.

• Bug Tracker URL: http://bugs.frugalware.org/task/3600

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385

• Author: Miklos Vajna
• Vulnerable: 1.1.11-1
• Unaffected: 1.1.13-1solaria1

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user’s system.

1. Several vulnerabilities can be exploited to disclose sensitive information, bypass certain security restrictions, or compromise a user’s system.
2. An error exists while processing JavaScript code embedded in email messages. This can be exploited to disclose the mailbox URI of the recipient via the “.documentURI” DOM property, or to potentially disclose comments placed in a forwarded email via the “.textContent” DOM property.

• Bug Tracker URL: http://bugs.frugalware.org/task/3466

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0017
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4582
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5012
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5013
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5014
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5017
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5018
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5021
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5022
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5023
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5024

• Author: Miklos Vajna
• Vulnerable: 0.9.4-1solaria1
• Unaffected: 0.9.6-1solaria1

Four vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user’s system.

1. A boundary error in the processing of TY files can be exploited to cause a stack-based buffer overflow.
2. An integer overflow error in the processing of TY files can be exploited to cause a heap-based buffer overflow.
3. An error in the CUE demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted CUE image file.
4. An error in the RealText demuxer can be exploited to cause a stack-based buffer overflow via a specially crafted RealText subtitle file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/3416

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4654
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4686
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5032
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5036