Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

comix

  • Vulnerable: 3.6.4-1
  • Unaffected: 3.6.4-2kalgan1

A vulnerability has been reported in Comix, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to the improper verification of received filenames when executing the rar, unrar, or jpegtran programs. This can be exploited to execute arbitrary commands via a file containing shell metacharacters within the filename.
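The bug class behind the Comix issue, shown as an added Python example (not Comix's code, which this announcement does not include): a filename pasted into a shell command line next to the same filename passed as a single argv element. The child process standing in for rar/unrar/jpegtran, the constructed sample filename and all function names are assumptions made for the illustration.

```python
import shlex
import subprocess
import sys

# Stand-in for rar/unrar/jpegtran (assumption): a child that prints the
# argument list it received, so the demo runs without those tools installed.
STAND_IN = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Constructed sample: a filename as it might arrive from an untrusted archive.
SAMPLE_NAME = "issue 01.cbr; echo INJECTED"


def run_via_shell(filename):
    """Vulnerable pattern: the filename is pasted into a /bin/sh command line."""
    cmd = shlex.join(STAND_IN) + " " + filename  # filename left unquoted
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_operand(filename):
    """Keep a leading '-' from being read as an option by the tool."""
    return "./" + filename if filename.startswith("-") else filename


def run_via_argv(filename):
    """Hardened pattern: no shell; the filename is exactly one argv element."""
    argv = STAND_IN + [safe_operand(filename)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Shell form: the name is split on the space and ';' starts a second command.
    print("shell:", run_via_shell(SAMPLE_NAME).splitlines())
    # Argv form: the tool sees the whole name as one argument, nothing else runs.
    print("argv: ", run_via_argv(SAMPLE_NAME).splitlines())
```

In the shell form the stand-in tool receives two arguments and a second command runs; in the argv form it receives the full filename unchanged.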

CVEs:

flashplugin

  • Vulnerable: 9.0.115.0-1
  • Unaffected: 9.0.124.0-1kalgan1

Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user’s system.

  1. A boundary error exists in the processing of “Declare Function (V7)” tags. This can be exploited to cause a heap-based buffer overflow via specially crafted flags.
  2. An integer overflow in the processing of multimedia files can be exploited to cause a buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
  3. Errors when pinning a hostname to an IP address can be exploited to conduct DNS rebinding attacks.
  4. An error when sending HTTP headers can be exploited to bypass cross-domain policy files.
  5. An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.
  6. Input passed to unspecified parameters when handling e.g. the “asfunction:” protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user’s browser session in context of an affected site.

CVEs:

gnome-screensaver

  • Vulnerable: 2.20.0-1
  • Unaffected: 2.20.0-2kalgan1

A weakness and a security issue have been reported in gnome-screensaver, which can be exploited by malicious people with physical access to disclose potentially sensitive information or bypass certain security restrictions.

  1. A weakness is caused due to the “Leave message” feature allowing attackers to e.g. paste the contents of the clipboard of the user whose screen is currently locked, which can be exploited to disclose potentially sensitive information.
  2. A security issue is caused due to an error if the NIS authentication method is used. This can be exploited to bypass the authentication check and unlock the screen if the NIS server is not reachable.

CVEs:

lighttpd

  • Author: vmiklos
  • Vulnerable: 1.4.19-1kalgan1
  • Unaffected: 1.4.19-1kalgan2

A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.

CVEs:

m4

  • Author: vmiklos
  • Vulnerable: 1.4.10-1
  • Unaffected: 1.4.10-2kalgan1

A vulnerability and a security issue have been reported in GNU M4, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user’s system.

  1. A format string error exists within the “produce_frozen_state()” function in src/freeze.c. This can be exploited via a specially crafted filename passed as a parameter to “m4 -F”. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into processing a filename containing malicious format specifiers.
  2. An error within the implementation of the “maketemp” and “mkstemp” macros can potentially be exploited to trigger the processing of improper files via special characters contained in the output string.

CVEs:

mtr

  • Vulnerable: 0.72-1
  • Unaffected: 0.73-1kalgan1

David Leadbeater has reported a vulnerability in mtr, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to mtr not properly limiting the length of some buffers.

CVEs:

  • There is no CVE for this issue.

pdns-recursor

  • Author: vmiklos
  • Vulnerable: 3.1.4-3
  • Unaffected: 3.1.5-1kalgan1

Amit Klein has reported a vulnerability in PowerDNS Recursor, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to the application using predictable standard C library functions to generate random numbers (e.g. “rand()” and “srand()”), which are then used to create the transaction ID (TRXID) and UDP source port. This can be exploited to poison the DNS cache by guessing the TRXID and the UDP source port.