Frugalware Security Announcements (FSAs)
This is a list of security announcements that have been released for the current stable version of Frugalware.
Author: kikadf Vulnerable: 1.1-2 Unaffected: 1.1-3arcturus1 Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
Author: kikadf Vulnerable: 1.1-1 Unaffected: 1.1-2arcturus1 Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
Author: kikadf Vulnerable: 7.22-2arcturus4 Unaffected: 7.22-2arcturus5 Stefan Horst discovered a vulnerability in the Drupal database abstraction API, which may result in SQL injection.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3704
Author: kikadf Vulnerable: 5.5.38-1arcturus1 Unaffected: 5.5.40-1arcturus1 Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559
Author: kikadf Vulnerable: 1.5.1-2 Unaffected: 1.5.1-3arcturus1 Several vulnerabilities have been discovered in OpenJPEG, a JPEG 2000 image library, that may lead to denial of service via application crash or high memory consumption, possible code execution through heap buffer overflows, or information disclosure.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1447 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6045 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6887
Author: kikadf Vulnerable: 1.0.1-5arcturus6 Unaffected: 1.0.1-5arcturus7 A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. When OpenSSL is configured with “no-ssl3” as a build option, servers could accept and complete a SSL 3.
Author: kikadf Vulnerable: 4.2_045-5arcturus2 Unaffected: 4.2_053-1arcturus1 Michal Zalewski discovered that Bash incorrectly handled parsing certain function definitions. If an attacker were able to create an environment variable containing a function definition with a very specific name, these issues could possibly be used to bypass certain environment restrictions and execute arbitrary code.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278
Author: kikadf Vulnerable: 5.8.13-2arcturus1 Unaffected: 5.8.13-2arcturus2 Incomplete fix for CVE-2014-3634.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3683
Author: kikadf Vulnerable: 1.5.2-3arcturus5 Unaffected: 1.5.2-3arcturus6 An information leakage flaw was found in Qemu’s VGA emulator. It could lead to leaking host memory bytes to a VNC client. It could occur when a guest GOP driver attempts to set a high display resolution.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3615
Author: kikadf Vulnerable: 1.2.8-2arcturus1 Unaffected: 1.2.8-2arcturus2 Mantis suffers from a null byte poisoning issue when LDAP authentication is used.
CVEs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6387