Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

firefox

  • Author: Miklos Vajna
  • Vulnerable: 3.0.4-1solaria1
  • Unaffected: 3.0.6-1solaria1

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user’s system.

  1. Multiple errors in the layout engine can be exploited to cause memory corruptions and potentially execute arbitrary code.
  2. Multiple errors in the JavaScript engine can be exploited to cause memory corruptions and potentially execute arbitrary code.
  3. A chrome XBL method can be used in combination with “window.eval” to execute arbitrary JavaScript code in the context of another web site.
  4. An error when restoring a closed tab can be exploited to modify an input control’s text value, which allows e.g. to disclose the content of a local file when a user re-opens a tab.
  5. An error in the processing of shortcut files can be exploited to execute arbitrary script code with chrome privileges e.g. via an HTML file that loads a privileged chrome document via a .desktop shortcut file.
  6. A security issue is caused due to cookies marked “HTTPOnly” being readable by JavaScript via the “XMLHttpRequest.getResponseHeader” and “XMLHttpRequest.getAllResponseHeaders” APIs.
  7. A security issue is caused due to Firefox ignoring certain HTTP directives to not cache web pages (“Cache-Control: no-store” and “Cache-Control: no-cache” for HTTPS pages), which can be exploited to disclose potentially sensitive information via cached pages.

CVEs:

wireshark

  • Author: Miklos Vajna
  • Vulnerable: 1.0.5-1solaria1
  • Unaffected: 1.0.6-1solaria1

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to a boundary error in the processing of NetScreen Snoop capture files and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code depending on the allocation of stack variables.

CVEs:

drupal

  • Author: Miklos Vajna
  • Vulnerable: 5.13-1solaria1
  • Unaffected: 5.15-1solaria1

A security issue has been reported in Drupal, which can potentially be exploited by malicious people to conduct SQL injection attacks. Unspecified input passed to the Node Access API is not properly sanitised before being used in an SQL query. This can potentially be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This is only a risk in combination with a contributed module.

drupal-i18n

  • Author: Miklos Vajna
  • Vulnerable: 5.x_2.4-1
  • Unaffected: 5.x_2.5-1solaria1

A vulnerability has been reported in the Internationalization (i18n) Translation module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to view the content of unpublished nodes without requiring any additional permissions to do so. Successful exploitation of this vulnerability requires the “translate node” permission.

drupal6

  • Author: Miklos Vajna
  • Vulnerable: 6.7-1solaria1
  • Unaffected: 6.9-1solaria1

A vulnerability has been reported in the Content Translation module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to bypass normal viewing access restrictions and e.g. view the content of unpublished nodes without requiring any additional permissions to do so. Successful exploitation of this vulnerability requires the “translate content” permission.

graphviz

  • Author: Miklos Vajna
  • Vulnerable: 2.20.2-1
  • Unaffected: 2.20.3-1solaria1

Roee Hay has discovered a vulnerability in Graphviz, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “push_subg()” function in lib/graph/parser.c, which can be exploited to cause a memory corruption and potentially execute arbitrary code by e.g. tricking a user into processing a specially crafted dot file.

CVEs:

kernel

  • Author: Miklos Vajna
  • Vulnerable: 2.6.26-2solaria1
  • Unaffected: 2.6.26-2solaria2

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to the “svc_listen()” function in net/atm/svc.c allowing users to create unassigned PVC/SVC entries by calling the function multiple times on a socket. This can be exploited to trigger an infinite loop within the “__vcc_walk()” function in net/atm/proc.c by creating unassigned entries and then e.g. reading from /proc/net/atm/vc.

mplayer

  • Author: Miklos Vajna
  • Vulnerable: 1.0rc2-7solaria1
  • Unaffected: 1.0rc2-7solaria2

Tobias Klein has reported a vulnerability in MPlayer, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “demux_open_vqf()” function in libmpdemux/demux_vqf.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted TwinVQ file. Successful exploitation may allow execution of arbitrary code.

CVEs: