Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

wordpress

  • Author: voroskoi
  • Vulnerable: 2.3.1-1sayshell1
  • Unaffected: 2.3.2-1terminus1

Some vulnerabilities and a security issue have been reported in WordPress, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to bypass certain security restrictions and to disclose sensitive or system information.

  1. The application does not properly restrict access to posted drafts to users with valid administrator credentials. This can be exploited to read drafts by accessing the index.php script with data in the “PATH_INFO” URL part ending with “wp-admin/”.
  2. The XMLRPC function “metaWeblog.getRecentPosts” does not correctly verify that users have edit rights for a post before disclosing the “post_password”.
  3. A security issue is caused by certain database error messages containing system information (e.g. table names).

CVEs:

  • There is no CVE entry for this issue.

samba

  • Author: vmiklos
  • Vulnerable: 3.0.26-2sayshell1
  • Unaffected: 3.0.26-2sayshell2

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the “send_mailslot()” function. This can be exploited to cause a stack-based buffer overflow with zero bytes via a specially crafted “SAMLOGON” domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string. Successful exploitation allows execution of arbitrary code, but requires that the “domain logons” option is enabled.

mysql

  • Author: vmiklos
  • Vulnerable: 5.0.45-2sayshell1
  • Unaffected: 5.0.45-2sayshell2

A security issue and two vulnerabilities have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges, manipulate certain data, or to cause a DoS (Denial of Service).

  1. A security issue exists due to the command “ALTER VIEW” retaining the original “DEFINER” value, which may allow another user to gain the access rights of the view.
  2. An error in the FEDERATED engine when handling responses of remote servers can be exploited to crash the local server when the response contains fewer columns than expected.
  3. An error when renaming a table can be exploited by malicious users to manipulate certain data.

CVEs:

openoffice.org

  • Author: vmiklos
  • Vulnerable: 2.3.0-1
  • Unaffected: 2.3.0-2sayshell1

A vulnerability has been reported in OpenOffice, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by improper enforcement of security restrictions when passing SQL queries to the HSQLDB database engine. This can be exploited to call arbitrary static Java methods by tricking the user into executing a specially crafted SQL query contained within a database document. Successful exploitation allows execution of arbitrary code.

firefox

  • Author: voroskoi
  • Vulnerable: 2.0.0.8-1sayshell1
  • Unaffected: 2.0.0.11-1sayshell1

A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks. The problem is that the “jar:” protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).

Some vulnerabilities have also been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a user’s system.

pidgin

  • Author: voroskoi
  • Vulnerable: 2.2.1-1
  • Unaffected: 2.2.1-2sayshell1

A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused by a NULL-pointer dereference error when processing messages with invalid HTML code and can be exploited to cause libpurple to crash. Successful exploitation may require that HTML logging is used.

CVEs:

cups

  • Author: voroskoi
  • Vulnerable: 1.3.2-2sayshell1
  • Unaffected: 1.3.2-2sayshell2

Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user’s system. The vulnerabilities are caused by the use of a vulnerable version of Xpdf.

CVEs:

emacs

  • Author: voroskoi
  • Vulnerable: 22.1-1
  • Unaffected: 22.1-2sayshell1

Drake Wilson has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused by an error in the “hack-local-variables” function where local variables within a file are processed in an insecure manner. This can be exploited, for example, to modify a user’s user-init-file and execute arbitrary Emacs Lisp code when a specially crafted file is opened. Successful exploitation requires that “enable-local-variables” is set to “:safe”.

mysql

  • Author: voroskoi
  • Vulnerable: 5.0.45-1
  • Unaffected: 5.0.45-2sayshell1

A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused by an assertion error within the InnoDB engine and can be exploited to crash the database server via certain “CONTAINS” statements. Successful exploitation requires “ALTER” privileges.

CVEs:

php-pear-mdb2

  • Author: voroskoi
  • Vulnerable: 2.4.1-1
  • Unaffected: 2.4.1-2sayshell1

A security issue has been reported in PEAR MDB2, which can be exploited by malicious people to disclose sensitive information. The security issue is caused by MDB2 potentially making use of PHP’s protocol wrappers when storing certain input as LOB. This can be exploited, for example, to disclose sensitive information by storing a specially crafted URI (e.g. “file:///etc/passwd”) as LOB.

CVEs: