Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

pidgin

  • Vulnerable: 2.3.1-2
  • Unaffected: 2.4.3-1kalgan1

Some vulnerabilities have been reported in Pidgin, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused by integer overflow errors in the “msn_slplink_process_msg” function in libpurple/protocols/msnp9/slplink.c and libpurple/protocols/msn/slplink.c, and can potentially be exploited to execute arbitrary code via a specially crafted SLP message. Successful exploitation requires that the attacker is allowed to send messages to a victim (by default only users in the buddy list).

drupal

  • Vulnerable: 5.7-1
  • Unaffected: 5.9-1kalgan1

Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct SQL injection and script insertion attacks.

  1. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. delete OpenID identities or translation strings by enticing a logged-in user to visit a malicious site.
  2. Certain input passed to numeric fields in the Schema API is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

CVEs:

drupal

  • Vulnerable: 5.7-1
  • Unaffected: 5.9-1kalgan1

A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct session fixation attacks. An error in the handling of certain sessions can be exploited to hijack another user’s session by tricking the user into logging in after following a specially crafted link.

CVEs:

phpmyadmin

  • Vulnerable: 2.11.7-1kalgan1
  • Unaffected: 2.11.7.1-1kalgan1

Aung Khant has discovered some vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to create databases and change the connection character set for an authenticated user, who is tricked into visiting a malicious website.

wireshark

  • Vulnerable: 1.0.1-1kalgan1
  • Unaffected: 1.0.2-1kalgan1

A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error when reassembling packets and can be exploited to cause the application to crash when processing a series of malformed packets that are either captured off the wire or loaded via a capture file.

CVEs:

kernel

  • Vulnerable: 2.6.24-4kalgan3
  • Unaffected: 2.6.24-4kalgan4

A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by a boundary error in the “pppol2tp_recvmsg()” function and can potentially be exploited to corrupt kernel memory via a specially crafted PPP over L2TP packet.

CVEs:

opera

  • Vulnerable: 9.27-1kalgan1
  • Unaffected: 9.50-1kalgan1

Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information or to conduct spoofing attacks.

  1. An error in the handling of certain characters in a page address can be exploited to e.g. make a site’s address look like another site’s address.
  2. An error in the checking of the source of images when used by HTML CANVAS elements can be exploited to retrieve the image data.
  3. Pages in frames are able to change the location of pages in other frames on the parent page.

CVEs:

phpmyadmin

  • Vulnerable: 2.11.5.2-1kalgan1
  • Unaffected: 2.11.7-1kalgan1

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Successful exploitation requires that “register_globals” is enabled and support for “.htaccess” files is disabled.