This is a list of security announcments that have been released for the current stable version of Frugalware
A vulnerability has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions and to manipulate data. The xmlrpc.php script does not properly restrict access to the edit functionality. This can be exploited to edit other users’ posts. Successful exploitation requires valid user credentials.
A vulnerability has been discovered in xine-lib, which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error within the “open_flac_file()” function in src/demuxers/demux_flac.c. This can be exploited to corrupt memory via a specially crafted FLAC file.
Some vulnerabilities and weaknesses have been reported Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user’s system.
Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or potentially to compromise a vulnerable system. For more information, see FSA373.
A vulnerability have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information or gain escalated privileges. The vulnerability is caused due to certain drivers with registered page fault handlers not correctly preventing size expansions of mapped memory regions beyond the originally allocated size. This can be exploited to gain access to other memory areas via e.g. the “mremap()” system call. Successful exploitation may allow local attackers to disclose and manipulate kernel memory, which potentially can be leveraged to gain escalated privileges.
A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the implementation of modrdn operations. This can be exploited to crash the slapd daemon via a modrdn operation with a NOOP control.
Some vulnerabilities have been reported in MPlayer, which can be exploited by malicious people to compromise a user’s system.
Some vulnerabilities have been reported in Adobe Flash Player, where one vulnerability has an unknown impact and others can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP request splitting attacks, disclose sensitive information, cause a Denial of Service (DoS), or to potentially compromise a user’s system.
An error when parsing specially crafted regular expressions can be exploited to cause a heap-based buffer overflow.
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. The vulnerability is caused due to the missing verification of parameters within the “vmsplice_to_user()”, “copy_from_user_mmap_sem()”, and “get_iovec_page_array()” functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted “vmsplice()” system call. Successful exploitation allows attackers to e.g. gain “root” privileges.
A vulnerability has been reported in Qt, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the certificate validation in QSslSocket, which can be exploited to e.g. trick an application using QSslSocket into accepting spoofed certificates.
