Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

krb5

  • Author: kikadf
  • Vulnerable: 1.10.1-2arcturus1
  • Unaffected: 1.10.1-2arcturus2

It was reported that if a privileged user randomized the keys for a service principal, the old key would be returned to them. This could lead to ticket forgery attacks on the service in question.

CVEs:

putty

  • Author: kikadf
  • Vulnerable: 0.62-1
  • Unaffected: 0.62-2arcturus1

Mark Wooding discovered a heap-corrupting buffer underrun bug in the modmul function which performs modular multiplication. It was discovered that non-coprime values in DSA signatures can cause a buffer overflow in the calculation code of modular inverses when verifying a DSA signature. Such a signature is invalid. It was discovered that private keys were left in memory after being used by PuTTY tools. Gergely Eberhardt from SEARCH-LAB Ltd. discovered that PuTTY is vulnerable to an integer overflow leading to heap overflow during the SSH handshake before authentication due to improper bounds checking of the length parameter received from the SSH server.

qemu

  • Author: kikadf
  • Vulnerable: 1.5.2-3arcturus4
  • Unaffected: 1.5.2-3arcturus5

When a guest sends a UDP packet with source port and source address 0, an uninitialized socket is picked up during the search for matching, already created UDP sockets. It is later passed to sosendto(), where a NULL pointer dereference is hit during the so->slirp->vnetwork_mask.s_addr access.

CVEs:

libvncserver

  • Author: kikadf
  • Vulnerable: 0.9.8.1-2arcturus1
  • Unaffected: 0.9.8.1-2arcturus2

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A NULL pointer dereference flaw was reported in LibVNCServer’s framebuffer setup. A malicious VNC server could use this flaw to cause a client to crash. A divide-by-zero flaw was reported in LibVNCServer’s scaling factor handling. A VNC client could use this flaw to cause the VNC server to crash.

rsyslog

  • Author: kikadf
  • Vulnerable: 5.8.13-1
  • Unaffected: 5.8.13-2arcturus1

Rainer Gerhards, the rsyslog project leader, reported a vulnerability in rsyslog, a system for log processing. As a consequence of this vulnerability, an attacker can send malformed messages to a server that accepts data from untrusted sources and trigger a denial of service.

CVEs: