This is a list of security announcements that have been released for the current stable version of Frugalware.
- Author: kikadf
- Vulnerable: 1.2.1-3
- Unaffected: 1.2.1-4arcturus1
Michele Spagnuolo, of Google Security Team, and Miroslav Lichvar, of Red Hat, discovered two issues in flac, a library handling Free Lossless Audio Codec media: by providing a specially crafted FLAC file, an attacker could execute arbitrary code.
CVEs:
- Author: kikadf
- Vulnerable: 4.4.0-2arcturus1
- Unaffected: 4.4.0-2arcturus2
Buffer overflow in the PPP dissector.
CVEs:
- Author: kikadf
- Vulnerable: 2.1.3-7arcturus1
- Unaffected: 2.1.3-7arcturus2
Dragana Damjanovic discovered that an authenticated client could crash an OpenVPN server by sending a control packet containing less than four bytes as payload.
CVEs:
- Author: kikadf
- Vulnerable: 0.98.1-1arcturus1
- Unaffected: 0.98.5-1arcturus1
Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. Damien Millescamp discovered that ClamAV incorrectly handled certain PE files.
CVEs:
- Author: kikadf
- Vulnerable: 1.8.15-1arcturus1
- Unaffected: 1.8.15-1arcturus2
Multiple vulnerabilities were discovered in the dissectors/parsers for SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of service.
CVEs:
- Author: kikadf
- Vulnerable: 6.33-1arcturus1
- Unaffected: 6.34-1arcturus1
Aaron Averill discovered that a specially crafted request can give a user access to another user’s session, allowing an attacker to hijack a random session.
Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.
CVEs:
- Author: kikadf
- Vulnerable: 7.22-2arcturus5
- Unaffected: 7.22-2arcturus6
Aaron Averill discovered that a specially crafted request can give a user access to another user’s session, allowing an attacker to hijack a random session.
Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion.
CVEs:
- Author: kikadf
- Vulnerable: 1.9.2-2
- Unaffected: 1.9.2-3arcturus1
Off-by-one error in the encodes function in pack.c, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.
Tomas Hoger discovered that Ruby incorrectly handled XML entity expansion.
CVEs:
- Author: kikadf
- Vulnerable: 4.4.0-1
- Unaffected: 4.4.0-2arcturus1
A tcpdump crash was reported when processing a malformed OLSR payload. The decoder for the Ad hoc On-Demand Distance Vector (AODV) protocol fails to perform input validation and performs unsafe out-of-bounds accesses.
CVEs:
- Author: kikadf
- Vulnerable: 1.3.18-1
- Unaffected: 1.3.18-2arcturus1
Buffer overflow when handling PSD images.
CVEs: