Frugalware Security Announcements (FSAs)

This is a list of security announcments that have been released for the current stable version of Frugalware

blender

  • Vulnerable: 2.45-1
  • Unaffected: 2.45-2kalgan1

Secunia Research has discovered a vulnerability in Blender, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “imb_loadhdr()” function in source/blender/imbuf/intern/radiance_hdr.c, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted Blender (*.blend) file containing a malicious Radiance RGBE image. Successful exploitation allows execution of arbitrary code.

emacs

  • Vulnerable: 22.1-3kalgan1
  • Unaffected: 22.1-3kalgan2

Morten Welinder has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to an error in the processing of fast-lock files (.flc) for corresponding source files. This can be exploited to execute arbitrary Emacs Lisp code when e.g. a source file is opened and a specially crafted fast-lock file exists in the same directory. Successful exploitation requires that “font-lock-support-mode” is set to “fast-lock-mode”.

graphicsmagick

  • Vulnerable: 1.1.12-1kalgan1
  • Unaffected: 1.1.14-1kalgan1

Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

  1. Two boundary errors exist within the “ReadPALMImage()” function in coders/palm.c. These can be exploited to cause a heap-based buffer underflow via a specially crafted PALM image.
  2. A boundary error exists within the “DecodeImage()” function in coders/pict.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted PICT image.
  3. Multiple unspecified errors within the processing of XCF, DPX, and CINEON images can be exploited to crash the application. Successful exploitation may allow execution of arbitrary code.

CVEs:

imlib2

  • Vulnerable: 1.4.0-1
  • Unaffected: 1.4.0-2kalgan1

Secunia Research has discovered two vulnerabilities in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

  1. A boundary error exists within the “load()” function in src/modules/loaders/loader_pnm.c when processing the header of a PNM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PNM image in an application using the imlib2 library. Successful exploitation allows execution of arbitrary code.
  2. A boundary error exists within the “load()” function in src/modules/loader_xpm.c when processing an XPM image file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted XPM image in an application using the imlib2 library. Successful exploitation may allow execution of arbitrary code.

CVEs:

libvorbis

  • Vulnerable: 1.2.0-1
  • Unaffected: 1.2.0-2kalgan1

Some vulnerabilities have been reported in libvorbis, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library.

  1. An input validation error can be exploited to crash an application, cause an infinite loop, or to cause a heap overflow via a specially crafted OGG file containing a codebook dimension of “0”.
  2. An integer overflow error in the processing of residue partition values can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file.
  3. An integer overflow error exists in the computation of “quantvals” and of required space for “quantlist”. This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file. Successful exploitation may allow execution of arbitrary code.

CVEs:

mrxvt

  • Vulnerable: 0.5.3-1
  • Unaffected: 0.5.3-2kalgan1

A security issue has been reported in mrxvt, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.

CVEs:

  • There is no CVE for this issue.

rxvt

  • Vulnerable: 2.6.4-2
  • Unaffected: 2.7.10-1kalgan1

Bernhard R. Link has reported a security issue in rxvt, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program using “:0” as it’s X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server.

CVEs:

rxvt-unicode

  • Vulnerable: 9.02-1
  • Unaffected: 9.02-2kalgan1

A security issue has been reported in rxvt-unicode, which can be exploited by malicious, local users to gain escalated privileges. For more information, see FSA466.

CVEs:

  • There is no CVE for this issue.

samba

  • Vulnerable: 3.0.28-1
  • Unaffected: 3.0.30-1kalgan1

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “receive_smb_raw()” function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an “smb://” link) or by sending specially crafted packets to an “nmbd” server configured as a local or domain master browser.