Frugalware Security Announcements (FSAs)

This is a list of security announcements that have been released for the current stable version of Frugalware.

xpdf

  • Author: voroskoi
  • Vulnerable: 3.02-3
  • Unaffected: 3.02-4sayshell1

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user’s system.

  1. An array indexing error within the “DCTStream::readProgressiveDataUnit()” method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  2. An integer overflow error within the “DCTStream::reset()” method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  3. A boundary error within the “CCITTFaxStream::lookChar()” method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted “CCITTFaxDecode” filter. Successful exploitation allows execution of arbitrary code.

CVEs:

kernel

  • Author: vmiklos
  • Vulnerable: 2.6.22-7sayshell1
  • Unaffected: 2.6.22-7sayshell2

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an off-by-two error within the function “ieee80211_rx()” in net/ieee80211/ieee80211_rx.c. This can be exploited to cause a kernel panic by sending a specially crafted ieee80211 frame with the IEEE80211_STYPE_QOS_DATA flag set to an affected system.

CVEs:

  • CVE-2007-4997

cups

  • Author: voroskoi
  • Vulnerable: 1.3.2-1
  • Unaffected: 1.3.2-2sayshell1

Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the “ippReadIO()” function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. This can be exploited to overwrite one byte on the stack with a zero by sending an IPP request containing specially crafted “textWithLanguage” or “nameWithLanguage” tags. Successful exploitation allows execution of arbitrary code.

django

  • Author: voroskoi
  • Vulnerable: 0.96-1
  • Unaffected: 0.96-2sayshell1

A vulnerability has been reported in Django, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by the Django internationalization system (“i18n”) incorrectly processing HTTP headers. This can be exploited to allocate large amounts of memory by sending specially crafted HTTP “Accept-Language” requests. Successful exploitation requires that the “USE_I18N” option and the “i18n” middleware component are enabled.

liferea

  • Author: voroskoi
  • Vulnerable: 1.2.23-1
  • Unaffected: 1.2.23-2sayshell1

A security issue has been reported in Liferea, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused by incorrect file permissions being set for the “feedlist.opml” backup file. This can be exploited to retrieve feed or proxy authentication usernames and passwords.

CVEs:

wordpress

  • Author: voroskoi
  • Vulnerable: 2.2.3-1
  • Unaffected: 2.3.1-1sayshell1

Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the “posts_columns” parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. Successful exploitation requires that “register_globals” is enabled.

kernel

  • Author: vmiklos
  • Vulnerable: 2.6.22-6
  • Unaffected: 2.6.22-7sayshell1

Evan Teran has reported a security issue in the Linux kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused by an error in ptrace when single-stepping a debugged child process with invalid values in the “CS” register, which can be exploited to cause a kernel oops.

CVEs:

asterisk

  • Author: voroskoi
  • Vulnerable: 1.4.11-2
  • Unaffected: 1.4.13-1sayshell1

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. The vulnerability is caused by a boundary error within the IMAP-specific code for processing voicemail messages. This can be exploited to cause a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description headers. Successful exploitation requires that a user listens to the voicemail message via a phone.

asterisk-addons

  • Author: voroskoi
  • Vulnerable: 1.4.2-1
  • Unaffected: 1.4.4-1sayshell1

A vulnerability has been reported in Asterisk-Addons, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the source and destination numbers is not properly sanitised in the “cdr_addon_mysql” module before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

CVEs:

tomboy

  • Author: voroskoi
  • Vulnerable: 0.8.0-1
  • Unaffected: 0.8.0-2sayshell1

Jab Oravec has reported a security issue in Tomboy, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused by the “/usr/bin/tomboy” script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running Tomboy in a directory containing a malicious library.

CVEs:

  • There is no CVE for this issue.
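
A wrapper script typically produces the Tomboy condition above by prepending to an unset LD_LIBRARY_PATH, which leaves an empty element that the dynamic linker reads as the current directory. The sketch below is an added example, not the Tomboy script or the Frugalware fix; it assumes that pattern is the error (the page does not show the script), and /usr/lib/tomboy and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; /usr/lib/tomboy and all function names are assumptions.

# Weak pattern: if the existing value is unset or empty, the result ends in
# ":" and the dynamic linker treats that empty element as the current directory.
unsafe_prepend() {
    # $1 = directory to add, $2 = existing LD_LIBRARY_PATH value
    printf '%s\n' "$1:$2"
}

# Hardened pattern: emit the separator only when there is a value to append.
safe_prepend() {
    printf '%s\n' "$1${2:+:$2}"
}

# Return 0 if a search path contains an element that resolves relative to the
# current directory: an empty element, "." or any other non-absolute entry.
has_cwd_element() {
    case "$1" in
        '') return 1 ;;                 # empty value: nothing to search
    esac
    case ":$1:" in
        *::*) return 0 ;;               # leading, trailing or doubled ":"
    esac
    _old_ifs=$IFS
    IFS=:
    set -f                              # no globbing while splitting
    for _e in $1; do
        case "$_e" in
            /*) ;;                      # absolute entry: fine
            *)  IFS=$_old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$_old_ifs
    set +f
    return 1
}

# Audit the environment this script was started with.
if has_cwd_element "${LD_LIBRARY_PATH-}"; then
    echo "LD_LIBRARY_PATH has a cwd-relative element: ${LD_LIBRARY_PATH}" >&2
fi
```

The same check can be run against the value a launcher script exports, for example in a packaging test, before the script is shipped.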