Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

openoffice.org

  • Author: Miklos Vajna
  • Vulnerable: 2.4.1-1
  • Unaffected: 2.4.1-2solaria1

Some vulnerabilities have been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user’s system.

  1. An error in the processing of WMF files can be exploited to cause a heap-based buffer overflow via a specially crafted StarOffice/StarSuite document.
  2. Multiple integer overflows when parsing certain EMR records of EMF files can be exploited to cause heap-based buffer overflows via a specially crafted StarOffice/StarSuite document.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

CVEs:

libxml2

  • Author: Miklos Vajna
  • Vulnerable: 2.6.32-2
  • Unaffected: 2.7.2-1solaria1

Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

  1. A recursion error exists when processing certain XML content. This can be exploited to e.g. exhaust all available memory and CPU resources by tricking an application using Libxml2 into processing specially crafted XML documents.
  2. A boundary error in the processing of long XML entity names in parser.c can be exploited to cause a heap-based buffer overflow when specially crafted XML content is parsed.
  3. A vulnerability is caused due to an error in the processing of XML files and can be exploited to exhaust all available memory via a specially crafted XML file containing a predefined entity inside an entity definition. Successful exploitation may allow execution of arbitrary code.

CVEs:

proftpd

  • Author: Miklos Vajna
  • Vulnerable: 1.3.1-4
  • Unaffected: 1.3.1-5solaria1

A vulnerability has been reported in ProFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application truncating an overly long FTP command, and improperly interpreting the remainder string as a new FTP command. This can be exploited to execute arbitrary FTP commands with the privileges of another user by e.g. tricking the user into following a malicious link.

vlc

  • Author: Miklos Vajna
  • Vulnerable: 0.9.1-1
  • Unaffected: 0.9.4-1solaria1

A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a signedness error within the “parse_track_node()” function in modules/demux/playlist/xspf.c. This can be exploited to corrupt memory via a specially crafted XSPF file containing a negative “identifier” attribute. Successful exploitation may allow execution of arbitrary code.

wireshark

  • Author: Miklos Vajna
  • Vulnerable: 1.0.3-1solaria1
  • Unaffected: 1.0.4-1solaria1

Some vulnerabilities and a weakness have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. An error within the Bluetooth ACL dissector can be exploited to cause a crash via specially crafted packets.
  2. An error within the Q.931 dissector can be exploited to cause a crash via specially crafted packets.
  3. Uninitialised data structures within the Bluetooth RFCOMM and USB dissector can be exploited to cause a crash via specially crafted packets.

CVEs:

django

  • Author: Miklos Vajna
  • Vulnerable: 0.96.2-1
  • Unaffected: 1.0-1solaria1

A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused by the Django administration application not performing any validity checks to verify requests when re-authenticating the user. This can be exploited to delete and edit data when a user who is not logged in e.g. visits a malicious web site and is then enticed to log in to the application.

dovecot

  • Author: Miklos Vajna
  • Vulnerable: 1.1.2-1
  • Unaffected: 1.1.4-1solaria1

Two security issues have been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions.

  1. The problem is that the ACL plugin interprets negative access rights as positive access rights, potentially giving an unprivileged user access to restricted resources.
  2. An error in the ACL plugin when imposing mailbox creation restrictions can be exploited to create “parent/child/child” mailboxes.

CVEs:

drupal-cck

  • Author: Miklos Vajna
  • Vulnerable: 5.x_1.7-1
  • Unaffected: 5.x_1.9-1solaria1

Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks. Input passed to some field settings forms (e.g. “field label”, “help text”, “allowed values”) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user’s browser session in the context of an affected site when the malicious data is viewed. Successful exploitation requires “administer content” privileges.

libpng

  • Author: Miklos Vajna
  • Vulnerable: 1.2.29-1
  • Unaffected: 1.2.32-1solaria1

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the “png_push_read_zTXt()” function in pngread.c when processing malicious PNG images with specially crafted zTXt chunks, which can be exploited to crash an application using the library.

CVEs: