Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

mysql

  • Author: kikadf
  • Vulnerable: 5.5.38-1arcturus1
  • Unaffected: 5.5.40-1arcturus1

Multiple security issues were discovered in MySQL, and this update includes a new upstream MySQL version that fixes them.

CVEs:

openjpeg

  • Author: kikadf
  • Vulnerable: 1.5.1-2
  • Unaffected: 1.5.1-3arcturus1

Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, possible code execution through heap buffer overflows, or information disclosure.

CVEs:

openssl

  • Author: kikadf
  • Vulnerable: 1.0.1-5arcturus6
  • Unaffected: 1.0.1-5arcturus7

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. When OpenSSL is configured with “no-ssl3” as a build option, servers could still accept and complete an SSL 3.0 handshake, and clients could still be configured to send one.

bash

  • Author: kikadf
  • Vulnerable: 4.2_045-5arcturus2
  • Unaffected: 4.2_053-1arcturus1

Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code.

CVEs:

qemu

  • Author: kikadf
  • Vulnerable: 1.5.2-3arcturus5
  • Unaffected: 1.5.2-3arcturus6

An information leakage flaw was found in QEMU’s VGA emulator. It could lead to host memory bytes being leaked to a VNC client, and could be triggered when a guest GOP driver attempts to set a high display resolution.

CVEs: