This is a list of security announcments that have been released for the current stable version of Frugalware
A security issue has been reported in xdvik, which can be exploited by malicious, local users. The vulnerability is caused by creating predictably named temporary files by using mktemp.
A vulnerability has been reported in Net-snmp, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the “__snprint_value()” function in perl/SNMP/SNMP.xs. This can be exploited to cause a buffer overflow in an application using the Net-snmp Perl module by tricking the user into connecting to a malicious SNMP agent.
Secunia Research has discovered a vulnerability in IMP Webmail Client and Horde Groupware Webmail Edition, which can be exploited by malicious people to bypass certain security restrictions and manipulate data. The HTML filter does not filter out frame and frameset HTML elements. Additionally, the application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to (a) delete an arbitrary number of e-mail messages by referencing their numeric IDs and (b) purge deleted mails, when the victim opens a malicious HTML mail. Successful exploitation requires that the victim opens the HTML part of a malicious message.
Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service).
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.
A vulnerability has been reported in Django, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user through the login form. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
A vulnerability has been reported in libxslt, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of XSL style-sheet files. This can potentially be exploited to trigger the use of uninitialized memory in e.g. a call to “free()” when a specially crafted XSL file is being processed by an application using the library. Successful exploitation may allow execution of arbitrary code.
A security issue has been reported in MySQL, which can be exploited by malicious, local users to bypass certain security restrictions. The problem is that it is possible to bypass certain privilege checks by creating a MyISAM table with certain DATA DIRECTORY and INDEX DIRECTORY options to overwrite existing table files in the MySQL data directory.
A vulnerability has been reported in Mozilla SeaMonkey, which can potentially be exploited by malicious people to compromise a user’s system. For more information, see FSA431.
A vulnerability been reported in Chicken, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable version of the PCRE library.
