samba
- Author: kikadf
- Vulnerable: 3.6.23-1arcturus1
- Unaffected: 3.6.24-1arcturus1
Denial of service (infinite CPU loop) in the nmbd NetBIOS name service daemon. Denial of service (daemon crash) in the smbd file server daemon.
This is a list of security announcements that have been released for the current stable version of Frugalware.
Pinkie Pie discovered a flaw in the Linux kernel’s futex subsystem. Kernel Infoleak vulnerability in media_enum_entities(). Linux kernel user namespace bug.
Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey, Jesse Ruderman, Gregor Wagner, Benoit Jacob and Karl Tomlinson discovered multiple memory safety issues in Firefox. Abhishek Arya discovered multiple use-after-free and out-of-bounds read issues in Firefox. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in the event listener manager. A use-after-free was discovered in the SMIL animation controller. Holger Fuhrmannek discovered a buffer overflow in Web Audio.
Use-after-free in filesystem API. Out-of-bounds read in SPDY. Buffer overflow in clipboard. Heap overflow in media.
It was discovered that a buffer overflow in the MuPDF viewer might lead to the execution of arbitrary code.
Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.
Cloudfuzzer discovered a use-after-free issue in the Blink/WebKit document object model implementation. Aaron Staple discovered an integer overflow issue in audio input handling. Atte Kettunen discovered a use-after-free issue in the Blink/WebKit scalable vector graphics implementation. Holger Fuhrmannek discovered an out-of-bounds read issue in the URL protocol implementation for handling media. Packagesu discovered a cross-site scripting issue involving malformed MHTML files. Jordan Milne discovered a user interface spoofing issue. The Google Chrome development team discovered and fixed multiple issues with potential security impact. An integer underflow issue was discovered in the V8 JavaScript library.
Jüri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. Kikuchi Masashi discovered that OpenSSL incorrectly handled certain handshakes. Felix Gröbert and Ivan Fratrić discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites.
Multiple vulnerabilities were discovered in the Python wrapper for the GNU Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands.
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service.