Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

unzip

  • Author: vmiklos
  • Vulnerable: 5.52-4
  • Unaffected: 5.52-5kalgan1

A vulnerability has been reported in UnZip, which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused by the use of uninitialized pointers in the “inflate_dynamic()” function in inflate.c. This can potentially be exploited to free an attacker-controlled memory region and execute arbitrary code via a specially crafted ZIP compressed file. Successful exploitation may allow execution of arbitrary code.

xine-lib

  • Author: vmiklos
  • Vulnerable: 1.1.10.1-1
  • Unaffected: 1.1.11-1kalgan1

Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a boundary error within the “sdpplin_parse()” function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large “streamid” SDP parameter included in a malicious RTSP stream. Successful exploitation allows execution of arbitrary code.

lighttpd

  • Author: vmiklos
  • Vulnerable: 1.4.18-2
  • Unaffected: 1.4.19-1kalgan1

Some security issues have been reported in lighttpd, which can be exploited by malicious people to disclose potentially sensitive information.

  1. An error in mod_cgi can lead to the disclosure of source code when lighttpd is unable to fork.
  2. The mod_userdir module uses “$HOME” by default if no userdir.path is set. This can be exploited to disclose the content of arbitrary files on certain systems via e.g. the “nobody” user.

boost

  • Author: vmiklos
  • Vulnerable: 1.34.0-5
  • Unaffected: 1.34.0-6sayshell1

Some vulnerabilities have been reported in Boost, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused by errors within the parsing of regular expressions in boost/regex/v4/basic_regex_parser.hpp. These can be exploited to crash an application linked against the Boost library via specially crafted regular expressions.

cacti

  • Author: vmiklos
  • Vulnerable: 0.8.6j-3terminus1
  • Unaffected: 0.8.6j-4sayshell1

Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct HTTP response splitting, cross-site scripting, and SQL injection attacks.

  1. Input passed to unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
  2. Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
  3. Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user, allowing for execution of arbitrary HTML and script code in a user’s browser session in the context of an affected site.

clamav

  • Author: vmiklos
  • Vulnerable: 0.91.2-2sayshell1
  • Unaffected: 0.92.1-1sayshell1

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

  1. An integer overflow error within the “cli_scanpe()” function in libclamav/pe.c can be exploited to cause a heap-based buffer overflow via a specially crafted PE file.
  2. An error within the “unmew11()” function in libclamav/mew.c can be exploited to corrupt heap memory. Successful exploitation may allow execution of arbitrary code.

cups

  • Author: vmiklos
  • Vulnerable: 1.3.2-2sayshell3
  • Unaffected: 1.3.6-1sayshell1

A vulnerability has been discovered in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. The vulnerability is caused by an error within the “process_browse_data()” function when adding printers and classes. This can be exploited to free the same buffer twice by sending specially crafted browser packets to the UDP port on which cupsd is listening (by default port 631/UDP). Successful exploitation may allow execution of arbitrary code.

dbus

  • Author: vmiklos
  • Vulnerable: 1.0.2-3sayshell1
  • Unaffected: 1.0.3-1sayshell1

A security issue has been reported in D-Bus, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused by an error in the processing of messages with a NULL interface, which can be exploited to bypass security policy directives of the form “allow send_interface= [interface]”.

graphicsmagick

  • Author: vmiklos
  • Vulnerable: 1.1.8-1
  • Unaffected: 1.1.11-1sayshell1

Some vulnerabilities have been reported in GraphicsMagick, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user’s system. The vulnerabilities are caused by the use of vulnerable ImageMagick code.
